Win32/PSW.Fignotok [Threat Name]

Win32/PSW.Fignotok.H [Threat Variant Name]

Category trojan
Size 653219 B
Detection created Jun 05, 2010
Signature database version 10296
Aliases Trojan.Win32.Were.dx (Kaspersky)
  PWS:Win32/Fignotok.A (Microsoft)
  Trojan.Usuge!gen3 (Symantec)
Short description

Win32/PSW.Fignotok.H is a trojan that steals passwords and other sensitive information. The trojan can send the information to a remote machine.

Installation

When executed, the trojan creates the following files:

  • %temp%\normal.exe (16384 B)
  • %temp%\winupdate.exe (510976 B, Win32/PSW.Fignotok.H)

Information stealing

The trojan collects information related to the following applications:

  • Mozilla Firefox
  • Internet Explorer
  • Google Chrome
  • Opera
  • Trillian
  • Filezilla
  • Flash FXP
  • SmartFTP
  • CuteFTP
  • Pidgin
  • PalTalk
  • Google Talk
  • Internet Download Manager

The trojan gathers information related to the following services:

  • Windows Live
  • Steam
  • No-IP
  • DynDNS Updater

The trojan attempts to send gathered information to a remote machine.

The trojan contains a URL address. The HTTP protocol is used for the communication.