PortableApps.com Platform version: 2.0 beta 1
When I started the PortableApps.com Platform, Microsoft Security Essentials froze the application and alerted me to a severe trojan. I don't know why, but I didn't expect that the PortableApps Platform could be performing trojan-style commands and be a serious issue.
I hope someone here could help! I have copied and pasted the details of the trojan: PWS:Win32/Ldpinch.gen
Microsoft Security Essentials - Encyclopedia entry PWSWin32-Ldpinch.gen:
Updated: Feb 07, 2008 | Published: Feb 04, 2008
Aliases: Not available
Alert Level: Severe
Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated: Definition 1.69.889.0, released Nov 12, 2009
Detection initially created: Definition 1.45.287.0, released Oct 07, 2008
Summary
PWS:Win32/Ldpinch.gen is generic detection for PWS:Win32/Ldpinch, a family of password-stealing trojans. This trojan gathers private user data, such as passwords, from the host computer and sends the data to the attacker at a preset e-mail address. The Win32/Ldpinch trojans use their own Simple Mail Transfer Protocol (SMTP) engine or a web-based proxy for sending the e-mail, thus copies of the sent e-mail will not appear in the affected user's e-mail client.
Symptoms
Win32/Ldpinch variants have varying symptoms; however, this trojan family has some shared characteristics and actions:
* Creates an entry under one or both of the following registry subkeys to run this copy of the trojan each time Windows starts:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
* Attempts to gather data from the host computer. The Win32/Ldpinch trojan may gather data such as e-mail addresses, passwords, and system configuration information, including registry settings. It may also gather data from installed applications such as &RQ, FAR, ICQ, The Bat!, and Total Commander.
Technical Information (Analysis)
A Win32/Ldpinch trojan typically takes the following actions on the host computer:
* Creates a copy of itself in the Windows folder or the system folder. The file name of the copy may vary.
* Creates an entry under one or both of the following registry subkeys to run this copy of the trojan each time Windows starts:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
* Attempts to gather data from the host computer. The Win32/Ldpinch trojan may gather data such as e-mail addresses, passwords, and system configuration information, including registry settings. It may also gather data from installed applications such as &RQ, FAR, ICQ, The Bat!, and Total Commander.
* Encodes the passwords and sends them along with other collected information to a preset e-mail address. The Win32/Ldpinch trojans use their own Simple Mail Transfer Protocol (SMTP) engine or a web-based proxy for sending the e-mail, thus copies of the sent e-mail will not appear in the affected user's e-mail client.
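
A way to check a machine for the persistence pattern the pasted entry describes (a Run-key value pointing at a file in the Windows or system folder), as an added example that is not part of the original post or of Microsoft's entry. The helper name Get-CommandTarget and the output column names are assumptions made for this sketch; legitimate Windows components also start from these folders, so the output is a review list, not a verdict.

```powershell
# Run keys named in the encyclopedia entry (PowerShell registry-provider paths).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Folders the entry says the trojan copies itself into.
$watchDirs = @($env:windir, [Environment]::SystemDirectory) |
    ForEach-Object { $_.TrimEnd('\') }

# Hypothetical helper: pull the program path out of a Run-key command line.
function Get-CommandTarget([string]$Command) {
    $c = $Command.Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }   # quoted path
    if ($c -match '^(.+?\.(exe|com|scr|pif|bat|cmd))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]                          # fallback: first token
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        # GetValue expands REG_EXPAND_SZ variables such as %windir%.
        $command = [string]$regKey.GetValue($name)
        $target  = Get-CommandTarget $command
        if (-not $target) { continue }                   # empty value, nothing to check
        $parent  = ([string](Split-Path -Path $target -Parent)).TrimEnd('\')
        $exists  = Test-Path -LiteralPath $target -PathType Leaf
        $signature = if ($exists) {
            (Get-AuthenticodeSignature -FilePath $target).Status
        } else {
            'FileNotFound'                               # bare name or stale entry
        }
        [pscustomobject]@{
            Key                  = $key
            Name                 = $name
            Target               = $target
            InWindowsOrSystemDir = $watchDirs -contains $parent  # case-insensitive
            Signature            = $signature
        }
    }
}

# Entries in the watched folders sort first; review those by name and signature.
$results | Sort-Object InWindowsOrSystemDir -Descending |
    Format-Table -AutoSize -Wrap
```

Run it as the affected user so the HKEY_CURRENT_USER key belongs to the right account.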