Puregirls

Posted: March 28, 2006

Puregirls, also known as Gurepirls, is a trojan that steals e-mail addresses from a compromised PC and uses them to register the victim for a pornographic service without his or her knowledge and consent.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 acl.bmp
    2 acl.ocx
    3 aclservice.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY_CLASSES_ROOT\ACL.AclCtrl.1
    HKEY_CLASSES_ROOT\AppID\aclservice.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\%System%/acl.bmp
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\%System%/acl.ocx
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\%System%/aclservice.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\puregirls.tv
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AclService
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AclService
  • The following CLSIDs were detected:
    4FE80730-2A8B-4E96-BF40-D73FE8DAF980
    049FD307-FB79-489F-8AB4-4FC73A1F59B5
    65E32B18-9689-4D58-B891-56E7CE65C6C0
    1D7BA44B-FBB4-4D6F-BC74-0917DAD0C605
    A12A4BD2-9A1E-4536-A9C7-202A7F13ADCC
    1B4066DD-C7E6-426D-BDD5-458954FE51FF
    ADF47FB7-7FE7-4229-BA1F-19C6B7D936A1