Win32/PSW.Fantast.22 [Threat Name]

Win32/PSW.Fantast.22 [Threat Variant Name]

Category: trojan
Size: 18496 B
Detection created: Apr 15, 2005
Aliases: PWS:Win32/Fantast (Microsoft), Win32.HLLM.Fantast.22 (Dr.Web)
Short description

Win32/PSW.Fantast.22 is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:

  • %windir%\winns.exe

The trojan attempts to modify the following file:

  • system.ini

The trojan writes the following entries to the file:

  • [boot]
    • shell=Explorer.exe winns.exe

This causes the trojan to be executed on every system start.

Information stealing

Win32/PSW.Fantast.22 is a trojan that steals sensitive information.


The trojan collects the following information:

  • computer name
  • user name
  • operating system version
  • hardware information
  • memory status
  • window text content

The collected information is stored in the following file:

  • %windir%\userfile.dll

The trojan attempts to send gathered information to a remote machine.


The trojan sends the information via e-mail.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a URL address. The HTTP protocol is used.


The trojan may create the following files:

  • %windir%\wins.dll
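
A host check for the system.ini persistence entry and the %windir% files described above, as an added example that is not part of the original description. The function names, the whitespace tokenization of the shell= value and the sample inputs are assumptions made for illustration.

```python
import re

# File names taken from the description above (all located under %windir%).
FANTAST_FILES = ("winns.exe", "userfile.dll", "wins.dll")
EXPECTED_SHELL = "explorer.exe"

# Constructed sample inputs, not captured from a real host.
CLEAN_INI = "[boot]\nshell=Explorer.exe\n"
INFECTED_INI = (
    "; constructed sample\n"
    "[boot]\nshell=Explorer.exe winns.exe\n"
    "[drivers]\nwave=mmdrv.dll\n"
)

def boot_shell_value(ini_text):
    """Return the first shell= value found in the [boot] section, or None."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[(.+?)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "boot" and sep and key.strip().lower() == "shell":
            return value.strip()
    return None

def extra_shell_entries(ini_text):
    """List every token on the shell= line that is not Explorer.exe."""
    value = boot_shell_value(ini_text)
    if value is None:
        return []
    # Assumption: entries are separated by whitespace or commas.
    tokens = [t.strip('"') for t in re.split(r"[\s,]+", value) if t]
    return [t for t in tokens
            if t.lower().rsplit("\\", 1)[-1] != EXPECTED_SHELL]

def audit(ini_text, windir_listing):
    """Combine the shell= check with a case-insensitive file name match."""
    present = {name.lower() for name in windir_listing}
    return {
        "extra_shell_entries": extra_shell_entries(ini_text),
        # A name match is a lead to investigate, not a verdict.
        "known_files": [f for f in FANTAST_FILES if f in present],
    }
```

On a live system, pass the contents of %windir%\system.ini and the result of os.listdir on %windir% to audit().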
