PWSteal.Sacanph.A is spyware that steals information related to your online activities, as well as private information from specific applications. The scope of PWSteal.Sacanph.A’s information-stealing activities may be broad, but PWSteal.Sacanph.A’s symptoms are minor to nonexistent, and PWSteal.Sacanph.A will even try to pretend to be a default Windows system component. Infections caused by PWSteal.Sacanph.A are also accompanied by system modifications that block access to certain websites. To prevent PWSteal.Sacanph.A infections avoid files from suspicious sources. For removing PWSteal.Sacanph.A, use an appropriate virus-removal application.
PWSteal.Sacanph.A – A Brand-New Spy that Wants Your Passwords
PWSteal.Sacanph.A infections were first reported early in July of 2011, and keeping your security software updated is important for defending your machine against PWSteal.Sacanph.A attacks. Most victims of PWSteal.Sacanph.A attacks report that they were infected after downloading files from unsafe sources, although other infection routes are also possible. PWSteal.Sacanph.A will not give any obvious symptoms of being on your computer, and you should rely on an anti-virus program to detect any suspected PWSteal.Sacanph.A infections.
One of the most obvious signs of PWSteal.Sacanph.A is its tendency to alter the Hosts file to block two types of online virus-scanning websites: hxxp://virusscan.jotti.org/de and virustotal.com. You may also be able to notice PWSteal.Sacanph.A sending information to remote criminals if you monitor your network traffic and port settings.
Finally, PWSteal.Sacanph.A conceals itself in the form of a fake csrss.exe file (a default Windows file), although PWSteal.Sacanph.A hides this file in the Application Data folder, instead of in the proper location for a csrss.exe file.
PWSteal.Sacanph.A’s Favorite Data to Grab from Your PC
PWSteal.Sacanph.A has been known to steal information from the sources listed below. Information that PWSteal.Sacanph.A may steal can include contact lists, passwords, account login names and other private data that can allow criminals that are linked to PWSteal.Sacanph.A to use your information for illegal purposes. However, since PWSteal.Sacanph.A can receive instructions to alter PWSteal.Sacanph.A’s behavior, PWSteal.Sacanph.A may also be capable of stealing information from sources not on this list, as well.
- Your URL history (which websites you’ve visited).
- COREFTP, SmartFTP and FileZilla; these are all free ftp client programs.
- Emule, a free file-sharing program.
- ICQ, Trillian, Windows Live Messenger and Miranda, all of which are instant-messaging programs.
PWSteal.Sacanph.A can also be identified by two aliases: PWS:Win32/Sacanph.A and TROJ_SPNR.07FC11. Whenever possible, use Safe Mode and a good anti-malware program to delete PWSteal.Sacanph.A from your PC, since improper removal of PWSteal.Sacanph.A has the potential to cause serious harm to Windows.
PWSteal.Sacanph.A Automatic Detection Tool (Recommended)
Is your PC infected with PWSteal.Sacanph.A? To safely & quickly detect PWSteal.Sacanph.A, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect PWSteal.Sacanph.A What happens if PWSteal.Sacanph.A does not let you open SpyHunter or blocks the Internet?
File System Modifications
- The following files were created in the system:
# File Name 1 078.dll 2 AdVantage.exe 3 cr3.exe 4 DBREnxs.dll 5 FileName.exe 6 hdupdater.exe 7 howcodecsrv.exe 8 kfb0.dll 9 loader.exe 10 lsass.exe 11 msvbvm6032.dll 12 questscan146.exe 13 questscan149.exe 14 rereflsy.dll 15 scanquery.dll 16 sccsccp32.exe 17 syitm.exe 18 systemupdate.exe 19 vsbntlo.exe 20 winupdate.exe
Posted: July 7, 2011 | By SpywareRemove
Threat Level: 8/10
Rate this article:
Detection Count: 300