Win32/PSW.Legendmir [Threat Name]

Win32/PSW.Legendmir.AX [Threat Variant Name]

Category: trojan
Size: 63488 B
Detection created: Jul 26, 2004
Detection database version: 1821
Aliases:
  • PWS:Win32/Lmir.AX (Microsoft)
  • PWS-LegMir (McAfee)
  • Trojan.Killproc!gen (Symantec)

Short description

The trojan collects information related to the online game Legend of Mir 2. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:

  • %windir%\lnternet.exe

The following Registry entries are created:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    • "lnternet" = "lnternet.exe"

This causes the trojan to be executed on every system start.

Information stealing

Win32/PSW.Legendmir.AX is a trojan that steals account names and passwords for the following online games:

  • Legend of Mir 2

The following information is collected:

  • computer name
  • computer IP address

The trojan attempts to send the gathered information to a remote machine via e-mail.

Other information

Win32/PSW.Legendmir.AX is a trojan that terminates specific applications.


The trojan terminates any program that creates a window containing any of the following strings in its name:

  • ZoneAlarm
  • RavMon.exe

The following programs are terminated:

  • EGHOST.EXE
  • MAILMON.EXE
  • KAVPFW.EXE
  • netbargp.exe

The trojan keeps various information in the following Registry keys:

  • [HKEY_CLASSES_ROOT\legend of mir2\Enter]
  • [HKEY_CLASSES_ROOT\legend of mir2\Registry]
  • [HKEY_CLASSES_ROOT\legend of mir2\Change password]
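
A host check for the file, autostart value and Registry keys listed in this description, given as an added example that is not part of the original description or the vendor's tooling. The function name is hypothetical, and the WOW6432Node path is an assumption covering the 32-bit registry view on 64-bit Windows.

```powershell
# Added example: host triage for the artifacts listed in this description.
# The function name is hypothetical; file and key names come from the page.
function Test-LegendmirAxIndicators {
    $findings = @()

    # Dropped copy: %windir%\lnternet.exe (the first letter is a lowercase L).
    $dropped = Join-Path $env:windir 'lnternet.exe'
    if (Test-Path -LiteralPath $dropped -PathType Leaf) {
        $size = (Get-Item -LiteralPath $dropped -Force).Length
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $dropped
            Detail = "size $size B (description lists 63488 B)"
        }
    }

    # Autostart value "lnternet" under RunServices. The WOW6432Node path is an
    # assumption: the 32-bit registry view a Win32 program sees on 64-bit Windows.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($props -and $null -ne $props.lnternet) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = $key
                Detail = "lnternet = $($props.lnternet)"
            }
        }
    }

    # Keys the trojan uses to keep its data.
    foreach ($sub in 'Enter', 'Registry', 'Change password') {
        $key = "Registry::HKEY_CLASSES_ROOT\legend of mir2\$sub"
        if (Test-Path -LiteralPath $key) {
            $findings += [pscustomobject]@{
                Type = 'DataKey'; Location = $key; Detail = 'key exists'
            }
        }
    }

    $findings
}

Test-LegendmirAxIndicators | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed artifacts were found on the host; any row is a lead to confirm with a full scan.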
