SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  chostsv.exe

Name chostsv.exe

Description

PWSteal.Banpaes.C.
Is a Trojan horse that attempts to steal online banking information.

Also known as PWSteal.Banpaes, PWSteal.Banpaes.B

When PWSteal.Banpaes.C is executed, it performs the following actions:
Creates the following files:
%System%\Chostsv.exe
%System%\Mouse32.dll
%System%\Keybrd32.dll
%System%\Kuser.dll
%System%\Serv.dll
C:\Temp\Install.exe (This may not be created if the Temp folder does not exist in this location).

Adds the value:
"chostsv"="%System%\chostsv.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Logs keystrokes if the keystrokes are entered in windows that have any of the following strings in the window's title bar:
Caixa Economica Federal
Internet Banking CAIXA
BESC - Banco do Estando de Santa Catarina
Banco do Estado de Santa Catarina
Gerenciador Financeiro
Teclado Virtual
HSBC
Credicard
MasterCard
and some other.

Then, this Trojan sends the keystrokes to a predefined email address.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"chostsv"="%System%\chostsv.exe"

Or use antivirus (also check How To Remove section)to automatically remove this registry item.


Still have a problem? Ask for help at our discussion forum.



Search Useless Files :
 

: : Recent posts at Forums : :

Gay blogging rite, Common photos

czgspshcbg

szfhzcgueg

xaqcufajuc

labypxnoyy

knerxronmr

Delivered full-grown galleries

obnhewrpvk

wyemqukziz

icvrulshvt

fzjiqoqzrc

wrnbywclja

Бинарные опци

vwebyuknzi

Прикольные но

galqnuugna

utbheohwju

adhmlrrxol

gcuiquvvte

nmmwgiocqj

fmocwljabh

aeeqoqvtca

gkzymrgmxu

errywvapov

ylhuiyszvn

Renewed spot

hvidcroftn

pgnvvwcgal

ozpmnfwulw

vrgucqsnor




SoftwareTipsandTricks, All Rights Reserved.