Trojan-PWS.Win32.LdPinch
Trojan-PWS.Win32.LdPinch is a generic detection name for a group of backdoor Trojans that steal passwords and other private information. In addition to recording information without your permission, Trojan-PWS.Win32.LdPinch will attack your firewall and other security measures that get in the way of transferring the data back to anonymous criminals. In some cases, Trojan-PWS.Win32.LdPinch is also known to appear as a false positive for certain gaming applications. Due to the serious nature of Trojan-PWS.Win32.LdPinch infections, you should treat any possible sign of infection as the real thing and scan your entire PC so that you can remove Trojan-PWS.Win32.LdPinch before your information is seriously compromised.
The Ties That Bind the Trojan-PWS.Win32.LdPinch Together
Since Trojan-PWS.Win32.LdPinch is used to identify multiple Trojans with shared characteristics, you may have been infected with Trojan-PWS.Win32.LdPinch in many different ways, and not all Trojan-PWS.Win32.LdPinch infections may act exactly alike. However, there are certain basic behaviors that you can identify when you suspect that a Trojan-PWS.Win32.LdPinch infection is at work:
- Unfamiliar memory processes or unusual system resource usage. Since Trojan-PWS.Win32.LdPinch Trojans will always create startup Registry entries that let the Trojans launch without your permission, you should assume that a Trojan-PWS.Win32.LdPinch infection is always active unless you try to disable Trojan-PWS.Win32.LdPinch specifically.
- Attempts to search for and record private information like passwords of email addresses. You should consider all locally saved and stored data to be at risk, as long as Trojan-PWS.Win32.LdPinch is on your PC.
- The usage of a built-in email client engine that allows Trojan-PWS.Win32.LdPinch to email remote contacts without your consent. This is most readily seen in an unusually high system resource usage, and will not cause 'sent' messages to appear in your mailbox even if the messages use your email address as the sender.
- Trojan-PWS.Win32.LdPinch will also be present as a file in your Windows folder, although the exact name of the file may be randomized.
Some versions of Trojan-PWS.Win32.LdPinch have also been reported to possess worm-like proliferation functions. These functions let Trojan-PWS.Win32.LdPinch copy itself to removable devices like USB drives, although you can still see these files if you have your preferences set to show Hidden and System files.
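The checks described above can be run as a read-only triage script. This is an added example, not part of the original page or of any vendor's tooling. It assumes the "startup Registry entries" are Run/RunOnce values and that copies on removable drives sit in the drive root; the page specifies neither.

```powershell
# Added triage example (not from the original page). Read-only: it lists, never deletes.
$winDir = $env:windir.TrimEnd('\')

# Assumption: the "startup Registry entries" are Run/RunOnce values (common locations).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# 1. Collect every startup value as Key / Name / Command.
$startup = foreach ($path in $runKeys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }                  # key absent on this system
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Key     = $path
            Name    = $name
            Command = [string]$key.GetValue($name)   # REG_EXPAND_SZ is expanded
        }
    }
}

# 2. Heuristic: flag startup commands that launch an .exe sitting directly in the
#    Windows folder (the page notes the file lives there under a randomized name).
$pattern = '^"?' + [regex]::Escape($winDir) + '\\[^\\"]+\.exe'
$startup | Where-Object { $_.Command -match $pattern } | Format-List

# 3. Files carrying both Hidden and System attributes in the root of each
#    removable drive (Win32_LogicalDisk DriveType 2). -Force makes them visible.
$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    Get-ChildItem -Path ($_.DeviceID + '\') -Force -File -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $mask) -eq $mask } |
        Select-Object FullName, Length, LastWriteTime
}
```

Hits from steps 2 and 3 are leads to verify, not confirmations: legitimate software can also register startup entries in the Windows folder or mark files Hidden and System.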
The Harmless Side of Trojan-PWS.Win32.LdPinch
If Trojan-PWS.Win32.LdPinch really is an infection, you should remove it by using Safe Mode and appropriate security software. However, there are some cases where Trojan-PWS.Win32.LdPinch is a false positive: a Trojan is detected when, in reality, there isn't one.
So far, these false positives have been limited to the Steam gaming platform version of the Armed and Dangerous gaming application. However, this particular false positive has been known to appear in a wide range of completely unrelated brands of anti-malware scanners.
To reduce the chances of a false positive, keep your scanners and any gaming applications that cause these false positives both fully updated. If you want to keep using this software despite the false positive alerts, most quality scanners will let you set exceptions that can be ignored. This will let you scan your PC without the constant Trojan-PWS.Win32.LdPinch false alarms.
File System Modifications
- The following files were created in the system:
Registry Modifications
- The following newly produced Registry Values are: