PWSteal.Sacanph.A

PWSteal.Sacanph.A Description

PWSteal.Sacanph.A is spyware that steals information related to your online activities, as well as private information from specific applications. The scope of PWSteal.Sacanph.A’s information-stealing activities may be broad, but PWSteal.Sacanph.A’s symptoms are minor to nonexistent, and PWSteal.Sacanph.A will even try to pretend to be a default Windows system component. Infections caused by PWSteal.Sacanph.A are also accompanied by system modifications that block access to certain websites. To prevent PWSteal.Sacanph.A infections avoid files from suspicious sources. For removing PWSteal.Sacanph.A, use an appropriate virus-removal application.

PWSteal.Sacanph.A – A Brand-New Spy that Wants Your Passwords

PWSteal.Sacanph.A infections were first reported early in July of 2011, and keeping your security software updated is important for defending your machine against PWSteal.Sacanph.A attacks. Most victims of PWSteal.Sacanph.A attacks report that they were infected after downloading files from unsafe sources, although other infection routes are also possible. PWSteal.Sacanph.A will not give any obvious symptoms of being on your computer, and you should rely on an anti-virus program to detect any suspected PWSteal.Sacanph.A infections.

One of the most obvious signs of PWSteal.Sacanph.A is its tendency to alter the Hosts file to block two types of online virus-scanning websites: hxxp://virusscan.jotti.org/de and virustotal.com. You may also be able to notice PWSteal.Sacanph.A sending information to remote criminals if you monitor your network traffic and port settings.

Finally, PWSteal.Sacanph.A conceals itself in the form of a fake csrss.exe file (a default Windows file), although PWSteal.Sacanph.A hides this file in the Application Data folder, instead of in the proper location for a csrss.exe file. It’s worth mentioning that deleting PWSteal.Sacanph.A files without the assistance of anti-virus software can cause other undesirable side effects and will not remove the modifications that were made to your Hosts file.

PWSteal.Sacanph.A’s Favorite Data to Grab from Your PC

PWSteal.Sacanph.A has been known to steal information from the sources listed below. Information that PWSteal.Sacanph.A may steal can include contact lists, passwords, account login names and other private data that can allow criminals that are linked to PWSteal.Sacanph.A to use your information for illegal purposes. However, since PWSteal.Sacanph.A can receive instructions to alter PWSteal.Sacanph.A’s behavior, PWSteal.Sacanph.A may also be capable of stealing information from sources not on this list, as well.

• Your URL history (which websites you’ve visited).
• COREFTP, SmartFTP and FileZilla; these are all free ftp client programs.
• Emule, a free file-sharing program.
• ICQ, Trillian, Windows Live Messenger and Miranda, all of which are instant-messaging programs.

PWSteal.Sacanph.A can also be identified by two aliases: PWS:Win32/Sacanph.A and TROJ_SPNR.07FC11. Whenever possible, use Safe Mode and a good anti-malware program to delete PWSteal.Sacanph.A from your PC, since improper removal of PWSteal.Sacanph.A has the potential to cause serious harm to Windows.

Home Malware ProgramsTrojans PWSteal.Sacanph.A