Remove Trojan.Skimer
Posted on: March 25th, 2009
| Discovered: | March 18, 2009 |
| Updated: |
March 19, 2009 8:53:51 AM |
| Type: |
Trojan |
| Systems Affected: |
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP |
| Recommended Action: |
|
You will see the download link on their website, once installed it will perform a full system scan on your machine for free.
|
| Technical Details: |
|
When executed, the Trojan copies itself as the following file: It then attempts to copy the file %Windir%\trl2 as one of the following files: * %Windir%\greenstone.bmp:redstone.bmp (if the file system is in NTFS format) It then attempts to copy the file %Windir%\kl as one of the following files: * %Windir%\greenstone.bmp:bluestone.bmp (if the file system is in NTFS format) Note: The above files may be used to store information gathered from the compromised ATM. It then injects itself into the following process: It then attempts to delete all files with the following names: The Trojan monitors the compromised computer for processes with the following names: * mu.exe When found, the Trojan hooks API functions in the above processes so that it can alter the behavior of the ATM. The Trojan may attempt to log transaction and PIN information to the following file: When logging account balance information, the Trojan converts account balances to US dollars using the following conversion rates: * 26 Russian rubles : 1 US dollar The Trojan may open a back door on the compromised ATM to allow an attacker to perform the following actions via the keypad: * Display the logged information |
| Action Steps: |
 FREE SCAN: NoAdware can remove Trojan.Skimer. Click the link below for your free download & scan your PC now.
MANUAL REMOVAL: Please click here for manual removal instructions. |
