Remote Password Stealer

Posted: March 28, 2006

Remote Password Stealer is a commercial spy application that silently records all user passwords and sends the log to a configurable e-mail address. The threat steals Windows, Internet Explorer, instant messenger, e-mail, FTP, dial-up connection and other passwords. The software must be manually installed. It secretly runs on every Windows startup. Remote Password Stealer has a so-called self-destructing feature that allows the person controlling the application to uninstall it remotely.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 lpr123.exe
    2 spd123.ini
    3 spdhook.dll

Registry Modifications

  • The following Registry values were created:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\lpr = C:\Windows\lpr123.exe