
PWSteal.Sacanph.A

Posted: July 7, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 382
First Seen: July 7, 2011
Last Seen: September 11, 2021
OS(es) Affected: Windows

PWSteal.Sacanph.A is spyware that steals information related to your online activities, as well as private information from specific applications. The scope of its information-stealing activities may be broad, but its symptoms are minor to nonexistent, and it will even try to pass itself off as a default Windows system component. Infections caused by PWSteal.Sacanph.A are also accompanied by system modifications that block access to certain websites. To prevent PWSteal.Sacanph.A infections, avoid files from suspicious sources. To remove PWSteal.Sacanph.A, use an appropriate virus-removal application.

PWSteal.Sacanph.A - A Brand-New Spy that Wants Your Passwords

PWSteal.Sacanph.A infections were first reported early in July of 2011, and keeping your security software updated is important for defending your machine against PWSteal.Sacanph.A attacks. Most victims of PWSteal.Sacanph.A attacks report that they were infected after downloading files from unsafe sources, although other infection routes are also possible. PWSteal.Sacanph.A does not produce any obvious symptoms of being on your computer, and you should rely on an anti-virus program to detect any suspected PWSteal.Sacanph.A infections.

One of the most obvious signs of PWSteal.Sacanph.A is its tendency to alter the Hosts file to block two online virus-scanning websites: hxxp://virusscan.jotti.org/de and virustotal.com. You may also be able to notice PWSteal.Sacanph.A sending information to remote criminals if you monitor your network traffic and port settings.

Finally, PWSteal.Sacanph.A conceals itself in the form of a fake csrss.exe file (a default Windows file), although PWSteal.Sacanph.A hides this file in the Application Data folder, instead of in the proper location for a csrss.exe file. It's worth mentioning that deleting PWSteal.Sacanph.A files without the assistance of anti-virus software can cause other undesirable side effects and will not remove the modifications that were made to your Hosts file.
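
The two signs described above, a Hosts file that remaps the scanner sites and a csrss.exe running from outside System32, can be checked with a short script. This is an added example, not part of the original write-up; the function names are hypothetical, and the sample Hosts content and process paths are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Scanner sites the write-up says are blocked through the Hosts file.
BLOCKED_SCANNERS = ("virusscan.jotti.org", "virustotal.com")

def hosts_overrides(hosts_text, watched=BLOCKED_SCANNERS):
    """Return (line_no, address, hostname) for every Hosts entry that
    remaps a watched domain or one of its subdomains."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        address, *names = line.split()           # one address, 0..n names
        for name in names:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in watched):
                hits.append((line_no, address, host))
    return hits

def misplaced_csrss(image_paths, system_root=r"C:\Windows"):
    """Return process image paths named csrss.exe that are not the copy
    in the System32 directory under system_root."""
    expected = PureWindowsPath(system_root, "System32", "csrss.exe")
    suspicious = []
    for path in image_paths:
        p = PureWindowsPath(path)                # case-insensitive compare
        if p.name.lower() == "csrss.exe" and p != expected:
            suspicious.append(path)
    return suspicious

# Constructed sample input (not taken from an infected machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   virusscan.jotti.org
127.0.0.1   www.virustotal.com virustotal.com   # two names on one line
10.0.0.5    intranet.example
"""
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\csrss.exe",
    r"C:\Documents and Settings\user\Application Data\csrss.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for hit in hosts_overrides(SAMPLE_HOSTS):
        print("Hosts override:", hit)
    for path in misplaced_csrss(SAMPLE_PROCESSES):
        print("csrss.exe outside System32:", path)
```

On a live system, feed the first function the contents of `%SystemRoot%\System32\drivers\etc\hosts` and the second a list of running process image paths.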

PWSteal.Sacanph.A's Favorite Data to Grab from Your PC

PWSteal.Sacanph.A has been known to steal information from the sources listed below. Information that PWSteal.Sacanph.A may steal can include contact lists, passwords, account login names and other private data that can allow criminals linked to PWSteal.Sacanph.A to use your information for illegal purposes. However, since PWSteal.Sacanph.A can receive instructions to alter its behavior, it may also be capable of stealing information from sources not on this list.

  • Your URL history (which websites you've visited).
  • CoreFTP, SmartFTP and FileZilla; these are all free FTP client programs.
  • eMule, a free file-sharing program.
  • ICQ, Trillian, Windows Live Messenger and Miranda, all of which are instant-messaging programs.

PWSteal.Sacanph.A can also be identified by two aliases: PWS:Win32/Sacanph.A and TROJ_SPNR.07FC11. Whenever possible, use Safe Mode and a good anti-malware program to delete PWSteal.Sacanph.A from your PC, since improper removal of PWSteal.Sacanph.A has the potential to cause serious harm to Windows.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 078.dll
    2 AdVantage.exe
    3 cr3.exe
    4 DBREnxs.dll
    5 FileName.exe
    6 hdupdater.exe
    7 howcodecsrv.exe
    8 kfb0.dll
    9 loader.exe
    10 lsass.exe
    11 msvbvm6032.dll
    12 questscan146.exe
    13 questscan149.exe
    14 rereflsy.dll
    15 scanquery.dll
    16 sccsccp32.exe
    17 syitm.exe
    18 systemupdate.exe
    19 vsbntlo.exe
    20 winupdate.exe

Aliases

  • W32/Pakes.RIN!tr [Fortinet]
  • Trojan-Dropper.Small [Ikarus]
  • Trojan/Win32.Pakes [AhnLab-V3]
  • Trojan/Win32.Pakes.gen [Antiy-AVL]
  • TR/PSW.Sacanph.A.393 [AntiVir]
  • Trojan.Click2.8023 [DrWeb]
  • Trojan.Generic.7039007 [BitDefender]
  • Trojan.Win32.Pakes.rin [Kaspersky]
  • MSIL:Inject-BE [Trj] [Avast]
  • a variant of MSIL/Injector.QC [NOD32]
  • Artemis!3A92627546EF [McAfee]
  • Trojan.Pakes.rin [CAT-QuickHeal]
  • Trojan.Generic.KDV.339220 [BitDefender]
  • Win32:Hiloti-IQ [Trj] [Avast]
  • Hiloti.gen.ae [McAfee]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:


