Lsas.Trojan-Spy.DOS.Keycopy
Lsas.Trojan-Spy.DOS.Keycopy is a bogus trojan virus that appears in fake security alert pop-ups launched by rogue spyware remover Malware Destructor 2009. The Lsas.Trojan-Spy.DOS.Keycopy pop-up reads as follows:
"WINDOWS SECURITY ALERT!
Lsas.Trojan-Spy.DOS.Keycopy is suspected to have infected your PC.
This type of virus intercepts entered data and transmits it to a remote server.
Windows Internet Explorer 8
"C:\WINDOWS\ie8\spuninst
Data interception was detected while visiting a website: http://"
The purpose of this fake security alert is to scare you into purchasing Malware Destructor 2009 by making you think your system is infected with the bogus Lsas.Trojan-Spy.DOS.Keycopy trojan virus. Remove as soon as possible.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings%\All Users\Application Data\345d567 2 %Documents and Settings%\All Users\Application Data\345d567\384.mof 3 %Documents and Settings%\All Users\Application Data\345d567\MD345d.exe 4 %Documents and Settings%\All Users\Application Data\345d567\MdestrSys 5 %Documents and Settings%\All Users\Application Data\345d567\MDestrSys\vd952342.bd 6 %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll 7 %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll 8 %Documents and Settings%\All Users\Application Data\MdestrSys 9 %Documents and Settings%\All Users\Application Data\MDestrSys\mdestr.cfg 10 %UserProfile%\Application Data\Malware Destructor 2009 11 %UserProfile%\Application Data\Malware Destructor 2009\cookies.sqlite 12 %UserProfile%\Application Data\Malware Destructor 2009\Instructions.ini 13 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Destructor 2009.lnk 14 %UserProfile%\Desktop\Malware Destructor 2009.lnk 15 %UserProfile%\Local Settings\Temp\del.bat 16 %UserProfile%\Recent\ANTIGEN.exe 17 %UserProfile%\Recent\ANTIGEN.sys 18 %UserProfile%\Recent\cb.drv 19 %UserProfile%\Recent\energy.exe 20 %UserProfile%\Recent\energy.tmp 21 %UserProfile%\Recent\FS.sys 22 %UserProfile%\Recent\FS.tmp 23 %UserProfile%\Recent\FW.dll 24 %UserProfile%\Recent\hymt.exe 25 %UserProfile%\Recent\kernel32.drv 26 %UserProfile%\Recent\PE.dll 27 %UserProfile%\Recent\PE.tmp 28 %UserProfile%\Recent\tempdoc.exe 29 %UserProfile%\Recent\tjd.tmp 30 %UserProfile%\Start Menu\Malware Destructor 2009.lnk 31 %UserProfile%\Start Menu\Programs\Malware Destructor 2009.lnk 32 %WINDOWS%\Temp\IMT7.xml 33 %WINDOWS%\Temp\IMT8.xml 34 %WINDOWS%\Temp\IMT9.xml
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}HKEY_CLASSES_ROOT\MD345d.DocHostUIHandler
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Lsas.Trojan-Spy.DOS.Keycopy may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
* See Free Trial offer below. EULA and Privacy/Cookie Policy.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
still don't know what happened to my pc. you guys are the bomb. thanks for giving the malware scanner. i registered and it works like a charm. no more malware here!