This Trojan program is designed to steal user passwords. It is a Windows PE EXE file. The file is 23,040 bytes in size. It is written in Visual Basic. Payload

The Trojan will steal passwords to modem connections. The Trojan sends the harvested passwords by email to the remote malicious user's at:

**chno@mail.ru

The Trojan also creates the following registry key, and save its configuration to this key:

[HKCUSoftwareVB and VBA Program SettingsTHDetect]

The Trojan also displays the following message:

Removal instructions If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

Use Task Manager to terminate the Trojan process.

Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).

Deletethefollowingparametersfromthesystemregistry(seeWhatisasystemregistryandhowdoIuseitfordetailsonhowtoedittheregistry):

[HKCUSoftwareVBandVBAProgramSettingsTHDetect]