LdPinch Trojan Virus Description
LdPinch is a password-stealing Trojan with proxy and backdoor capabilities. It arrives as an attachment named “telekom-rechnung.chm”. The attachment contains two files: an HTML file that attempts to execute the other file, “open.exe”, by exploiting an Internet Explorer vulnerability. “open.exe” contains the actual Trojan. LdPinch is a variant of key logger, which captures passwords as and when they are transmitted or entered. It also steals different types of passwords stored on the infected system: it reads the settings of various applications and takes logins, passwords, email server addresses and similar data from them. Passwords are stolen from FTP clients such as Total Commander and SmartFTP, email clients such as The Bat and Outlook, Web browsers like Opera Software, and IM programs such as Mir and .NET Passport.
How LdPinch Malware Infects Your Computer
When open.exe is started, it first disables two services belonging to firewall and antivirus software. LdPinch then starts several threads. One of these threads monitors running processes and kills any whose name contains substrings such as defwatch.exe, avpcc.exe, NOD32KUI.exe, PAVSRV51.exe, ZAPRO.exe, APVDWIN.exe, outpost.exe and VSMON.exe.
How Win32.LdPinch Trojan Virus Works
Once the Trojan is active, it starts an FTP server on TCP port 2121. This server requires a username and password. If the correct username and password are provided, the server gives access to all the drives on the infected computer. The Trojan also starts a proxy server. Another important feature is that LdPinch opens a backdoor on TCP port 2050.
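The two listening ports described above can be turned into a quick host check. The following is an added example, not part of the original description: it parses Windows `netstat -ano` output and flags TCP listeners on ports 2121 and 2050. The sample output, the PIDs and the function names are constructed for illustration, and treating one process owning both ports as the stronger signal is an assumption.

```python
import re

# Ports the description above attributes to LdPinch.
LDPINCH_PORTS = {2121: "FTP server", 2050: "backdoor"}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:2050           0.0.0.0:0              LISTENING       3312
  TCP    0.0.0.0:2121           0.0.0.0:0              LISTENING       3312
  TCP    192.168.1.20:49712     203.0.113.7:2121       ESTABLISHED     5100
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:2050           *:*                                    1200
"""

# Only TCP rows in LISTENING state count; the port follows the last colon,
# which also handles bracketed IPv6 local addresses such as [::]:445.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def find_suspect_listeners(netstat_text):
    """Return sorted (port, role, local_address, pid) for listeners on LdPinch ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if port in LDPINCH_PORTS:
            hits.append((port, LDPINCH_PORTS[port], addr, pid))
    return sorted(hits)

def shared_pids(hits):
    """PIDs listening on more than one LdPinch port. Assumption: one process on
    both ports is a stronger signal, as other software may use 2121 or 2050."""
    ports_by_pid = {}
    for port, _, _, pid in hits:
        ports_by_pid.setdefault(pid, set()).add(port)
    return sorted(pid for pid, ports in ports_by_pid.items() if len(ports) > 1)

if __name__ == "__main__":
    hits = find_suspect_listeners(SAMPLE_NETSTAT)
    for port, role, addr, pid in hits:
        print(f"TCP {addr}:{port} LISTENING pid={pid} ({role} port per description)")
    print("PIDs listening on both ports:", shared_pids(hits))
```

A hit on a single port only warrants a closer look at the owning process; the outbound connection to a remote port 2121 and the UDP row in the sample are deliberately not flagged.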
Removal of the W32.LdPinch Trojan Virus From Your Computer
The W32.LdPinch Trojan Virus is complex, and attempting manual removal is not recommended. Automatic removal using an updated anti-virus program is the recommended means of removal.


