Trojan-Spy.Win32.SPSniffer.a

Technical Details

This malicious program is designed to steal confidential data from users. It is a Windows PE EXE file. It is 53248 bytes in size. It is written in Visual Basic.

Payload

Once launched, the malicious program searches the system and downloads the library

spsax.dll 

This library is included in the program Serial Port Sniffer ActiveX Control which is the property of Eltima Softwarestr and is designed to intercept traffic from COM ports.Using this library the program monitors the activity of devices connected to the computer's COM ports and intercepts their network traffic.


In addition, the program intercepts key strokes when the user enters information in different system windows.


The Trojan saves the harvested data to the following file:

%system%\systen.dll

Information such as the computer Net Name and user’s name is also saved to this file.


The file containing the information is sent to the cybercriminal’s e-mail address

rhzeushydra@gmail.com

Removal Instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  2. Delete the following file:
    %system%\systen.dll

  3. Find and delete the file
    spsax.dll 

  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).