Remove Infostealer.Saluni

Posted on: March 5th, 2010


Discovered: February 7, 2010
Updated: February 17, 2010 2:47:10 PM
Type: Trojan
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Recommended Action:
In order to Remove Infostealer.Saluni you need to Download the ‘No Adware’ remover software. Based on our testing this was the best peforming remover of Infostealer.Saluni. Read our full No Adware Review

If your PC is also running slowly, you may be interested to look at our Regcure Review. Regcure is proven to improve the performance of your computer.

No Adware Review

Technical Details:

When the Trojan is executed, it creates the following file:
%System%\kernel.exe

Next, the Trojan creates the following registry entry so that it executes
whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Run\"default" = "%System%\kernel.exe"

The Trojan then steals information from the compromised computer, including passwords related to the following applications:

* DynDNS
* Firefox
* FlashFXP
* Google
* IMVU
* Internet Explorer 7
* Internet Explorer 8
* MSN
* NO-IP
* Paypal
* Pidgin
* Steam
* Trillian
* Yahoo

The Trojan saves the stolen information in the following locations:

* %Temp%\keylog.dat
* %Temp%\Pass.dat

Next, it sends the stolen information to a remote location either using FTP or
in the form of an email.

The Trojan may display the following message:
Title:
Error
Message:
Run-time error ’429′

It may download a configurable file from a remote server.

The Trojan may also cause the compromised computer to crash, displaying
a Blue Screen of Death.
Action Steps:
FREE SCAN: NoAdware can Remove Infostealer.Saluni. Click the link below for your free download & scan your PC now.

Please click here for manual removal instructions.

Posted on Friday, March 5th, 2010 at 4:14 am - filed under Blog, Trojan.