Overview |
|
Vendor Notes: |
From the doc: Shtirlitz 2.17 from General Failure Shtirlitz can send victim's passwords and other stuff entered in windows with "secret field" (e.g. "Passwords: *******") to your email. Shtirlitz consists of 2 files: MSTConfig.exe --- configurator program shtirlitz.exe --- trojan (should be sent to victim after configurating). You may configurate shtirlitz.exe to your email and needed SMTP server through which mail be sent (you may use default)... Run MSTConfig.exe and press "Open EXE...", then open shtirlitz.exe and enter in the field "EMail Addr" your email address (I may use your real own mail box - nobody will see it, it'll be encoded in shtirlitz.exe), connect to internet, enter SMTP server's hostname and press "Lookup IP" - IP address of SMTP server will appear instead of hostname (you may write IP if you know and don't connect to Internet to look it up). Then press "Save data", "Quit". Now your Shtirlitz.exe is configured. You may rename it and send to victim. Please, don't try to attach Shtirlitz to any executable file - it won't work! :( version 2.17 doesn't allow to attach to exe files with for example SilkRope. You may rename shtirlitz exe to any name you like. Once infected victim's Windows will always run Shtirlitz and it'll try every 3 minutes to connect to SMTP server and send detected passwords (method of detection is the same as in GF) to your email. Good luck! GF. |
Alias: |
destructive program [F-Prot], Justas [McAfee], Mail Shtirlitz, Trj/PSW.Justas [Panda], Trj/PSW.Justas.B [Panda], Trojan.PSW.Justas.b, Trojan.PSW.Justas.b [Kaspersky], Trojan.PSW.Justas.Config, Trojan.PSW.Justas.config [Kaspersky], Win32.PSW.Justas.b [Computer Associates], Win95/Justas!Trojan [Computer Associates], Win95/Justas-B!Trojan [Computer Associates] |
Category: |
Password Capture: A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture trojans impersonate the login prompt, asking the user to provide their password.
Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: to trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs. |
Similar Pests: |
Password Capture · Trojan |
Origins |
|
Author: |
General Failure |
Programming Language: |
Delphi |
Date of Origin: |
January, 1999 |
Place of Origin: |
Russia |
Operation |
|
Storage Required: |
|
Restart: |
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "TSpool" |
ScreenShot: |
|

Mail Shtirlitz 2.17
Detection and Removal |
|
Automatic Removal: |
|
Manual Removal: |
Follow these steps to remove Shtirlitz 2.17 from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. |
Stop Running Processes: Kill these running processes with Task Manager: |
Remove AutoRun Reference: Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If you find the value "TSpool" there (HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\tspool), delete it and reboot the machine immediately. |
Clean Registry: Remove these registry items (if present) with RegEdit: |
Remove Files: Remove these files (if present) with Windows Explorer: |
Research |
|
File Analyses: |
|
More Info: |
|
Research By: |
|
Last Revised: |
April 04, 2005 |