PWSteal.Focosenha is a Trojan horse program that attempts to steal user names, passwords, and other information from the infected computer.
Logs keystrokes and captures background images when the address bar in Internet Explorer contains predetermined URLs.
The keystrokes are saved in:
The captured images are saved in the directory:
Sends LogMedia.TXT and image files stored in %Windir%\MSN\DAT to a predetermined email address.
Navigate to the key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Safe"="C:\Windows\MSN\SafeWin.exe"
Navigate to and delete the key: HKEY_CURRENT_USER\SafeMode
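
The following PowerShell script is an added example, not part of the original advisory. It checks the current user's registry hive and the file system for the artifacts named above. The variable names and the -Remove switch are assumptions made for illustration; without -Remove the script only reports what it finds.

```powershell
# Added example: audit (and optionally remove) the registry artifacts listed in this advisory.
# Run in the affected user's session, since both registry locations are under HKEY_CURRENT_USER.
param([switch]$Remove)   # hypothetical switch: delete the registry artifacts when set

$runKey   = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName  = 'Safe'
$runData  = 'C:\Windows\MSN\SafeWin.exe'
$safeMode = 'HKCU:\SafeMode'
$dataDir  = Join-Path $env:windir 'MSN\DAT'

$findings = @()

# Run value: act only when both the name and the data match the advisory's entry,
# so an unrelated value that happens to be called "Safe" is not deleted.
$val = (Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue).$runName
if ($val -and ($val.Trim('"') -ieq $runData)) {
    $findings += "Run value '$runName' = $val"
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name $runName }
}
elseif ($val) {
    Write-Warning "Run value '$runName' exists but points to '$val'; left untouched."
}

# The SafeMode key directly under HKEY_CURRENT_USER
if (Test-Path -Path $safeMode) {
    $findings += "Registry key $safeMode"
    if ($Remove) { Remove-Item -Path $safeMode -Recurse }
}

# File-system artifacts are reported only, so they can be preserved as evidence.
foreach ($path in @($runData, $dataDir)) {
    if (Test-Path -LiteralPath $path) { $findings += "Path $path" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No artifacts from this advisory were found for the current user.'
}
else {
    $findings | ForEach-Object { Write-Output "Found: $_" }
}
```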