Home/ Spyware Encyclopedia / PSW.ICQ | |  | PSW.ICQ Technical Details |  |
| | Category |  | PSW | | Discovered | | 2/21/2008 11:40:00 AM | | Modified | | 6/16/2008 17:56:00 PM | | Threat Level | | Critical | | Description | | This family of Trojans steal passwords, normally system passwords from victim machines. They search for system files which contain confidential information such as passwords and Internet access telephone numbers and then send this information to an email address coded into the body of the Trojan. The ‘master’ or user of the illegal program will then retrieve and misuse this information..Most common behavior:1. Ask for password using fake window2. Change ICQ, MSN, AOL configuration3.Get cached Windows passwords. | | Summary | | The hosts file was updated with the following url-to-ip mappings: n/a
The following http urls were started: n/a
Generated smtp traffic: n/a
Connection(s) established with remote IRC Server: n/a
The following hidden entries created: n/a
The following internet connection was established: n/a
| | When the PSW is executed, it creates the following files: | | Name | Version | Publisher | Signature (MD5) | File Size (in Bytes) | | ..\icq password recovery 2005 \ibuildlib1.dll | | | 49b8d39a07f7b7dc7d9af8ffde58eb00 | 57344 | | ..\icq password recovery 2005 \icqrecovery.exe | 5.0.0.0 | Alpine Snow | 5b8b89bee43e2759c7d9c48170c4ebbb | 28160 | | ..\2ddec2d1.dll | | | ee390ee9cf661c07fabf37012314beae | 20531 | | ..\3c8799de.dll | | | 6897d4b8f7d9bf847a0989f3e3bc3073 | 21037 | | ..\670d19d5.dll | | | 5e191bce7db7058da1bfd890ce35dc9e | 12288 | | ..\c320f1fc.dll | | | 341a36f208b730595b8857db2e3d57db | 12288 | | ..\20c89f02.exe | | | 4b5b3f74e7073a0f8304c734f0f1c944 | 11264 | | ..\e16ab138.exe | | | ca2b177aa5201f51e021450d94d3a3b5 | | | ..\796ce37d.dll | | | d48cfe548ce7c2de57609868dcfc61a6 | 12288 | | ..\de2c0329.exe | | | 4a96691df50e66b9b6d5e310164c00ad | 1023679 | | ..\a89975e8.exe | | | b2a83cae32df3174f665a8b279ca072b | 322690 | | ..\57d6d1f9.exe | 1.0.0.0 | ZloySoft© | 69675a3f523501e0290dca6a86bd0012 | 90112 |
|
| | When the PSW is executed, it creates the following Registry entries: | | • | ..\software\microsoft\windows\currentversion\uninstall\icq password recovery 2005 |
|
|
Recommendation to remove PSW.ICQ |  | Spyware Detector can remove PSW.ICQ, and thousands of other Spyware definitions, automatically and instantly. Click here to download Spyware Detector and scan for free. |
| |
|
| |
| |
| |  | Personalized e-Mail support by our Research Team. You send an "Export Log" report to us, we then add new definition and you eliminate spyware found on YOUR PC in the next Live Update. So, not only do you benefit but the whole community enjoys the feedback.
| |  | Speed up your computer and increase browsing performance by deleting Spyware & Adware | | | Enjoy continuous protection and security with frequent spyware definition updates so you never have to worry about new threats and outdated software. | | | Surf the web with confidence knowing your online activities aren't being tracked, and your confidential data is secure from prying eyes. |
|
|
| |  | | | | | |  | |  Submit a Threat
Submit a threat to be reviewed by our research team
Submit a Threat | |  |
|
|