Trojans

What are these? What do they do?
Trojan Horse mmsvc32.exe
Trojan Horse PSW.Banker4.GMJ
Regards, Richard

Re: Trojans

R.Oliver@Spam.co.za says...

Early Google hit is for the info below from Sophos. Of course, other trojans may use that filename.
Google has no hits for the other trojan you mention. I suggest you ask the AV company who gave it that name.
Don't do any internet banking! Change your online banking passwords. Check the account status.




W32/Nanpy-A is a worm for the Windows platform. It may spread to vulnerable computers via the RPC-DCOM exploit, and attempt to redirect access to various banking websites.

When first run W32/Nanpy-A copies itself to <System>\mmsvc32.exe.

The following registry entry is created to run mmsvc32.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Network Services Controller
<System>\mmsvc32.exe

W32/Nanpy-A modifies the HOSTS file, mapping the URLs of banking websites to a remote IP. At the time of writing, this IP address is not functional.





--
Snob? Were I a snob, I wouldn't be talking to you.
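
A way to check a HOSTS file for the kind of banking-site mappings described in the reply above. This is an added example, not part of the thread or of the Sophos write-up; the watch list, the sample file contents and the function names `is_watched` and `audit_hosts` are assumptions made for illustration.

```python
import ipaddress

# Assumption: a short sample watch list of banking domains.
WATCHED = ("lloydstsb.co.uk", "barclays.co.uk", "nwolb.com")

# Constructed sample HOSTS content; 203.0.113.7 is a documentation-range address.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
203.0.113.7     www.lloydstsb.co.uk online.lloydstsb.co.uk
203.0.113.7     IBANK.Barclays.co.uk.   # mixed case, trailing dot
0.0.0.0         ads.example.net
127.0.0.1       nwolb.com
not-an-ip       barclays.co.uk
"""


def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, address, hostname, is_remote) for every watched name.

    A clean HOSTS file has no reason to mention a bank at all, so every hit is
    reported; is_remote marks entries pointing away from the local machine.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first column is not an address
        is_remote = not (addr.is_loopback or addr.is_unspecified)
        for host in fields[1:]:
            if is_watched(host, watched):
                findings.append((line_no, str(addr), host.lower().rstrip("."), is_remote))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a live Windows system the text to pass in is the contents of `%SystemRoot%\System32\drivers\etc\hosts`.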
