
E-gold keyloggers and much more...



Start - reg - type: regedit - Edit - Find -

 

gdiwxp.dll

 

0.exe (0 is the digit zero)

 

---------------------------------------

 

You have a Trojan keylogger on your computer. We recommend you take all necessary steps to find and remove the Trojan. If you are using Internet Explorer as your browser, we recommend you install and use Firefox by Mozilla.

 

We believe you got the Trojan by visiting a particular website that has a malicious script running on their site. This script checks your computer for vulnerabilities and downloads malicious software.

 

There are Trojan keyloggers that monitor Internet Explorer windows until a user visits the e-gold login page: e-gold.com/acct/login.html. Once the user is logged in, the Trojan opens a hidden Internet Explorer window in which it accesses the user's account balance: e-gold.com/acct/balance.asp.

After ascertaining the value of the user's account it attempts to transfer their funds to another account using the hidden window.

 

The two Trojans we are aware of are:

 

Win32.Grams.I -

http://www3.ca.com/securityadvisor/v....aspx?id=41657

 

TROJ_GETEGOLD.C -

http://www.trendmicro.com/vinfo/viru...e=TROJ_GETEGOLD.C

 

Most viruses are conveyed by spammed e-mail in the form of HTML messages.

The scripts run on viewing, no clicking on attachments is necessary. They may also arrive as image attachments. Once the image is viewed, the program is executed. Either way, the system is now infected and is just waiting for you to check your e-gold account balance.

 

You can protect yourself by:

 

* Using another browser instead of Internet Explorer (IE). Firefox by Mozilla is an excellent choice. You can visit www.mozilla.org for more information.

* Do Not auto-preview incoming e-mail.

* Do Not open obvious spam.

* Do run a full virus scan regularly.

 

You may want to also specifically look for the following Trojan to see if it is installed on your computer: TROJ_BANKER.BS. Troj/Banker-AM is a Trojan that steals bank details. In order to run automatically on login the Trojan copies itself to the file svhost.exe in the Windows folder and adds the following registry entry:

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Shell = C:\Windows\svhost.exe

 

Troj/Banker-AM installs itself as an Internet Explorer plugin in order to monitor the URLs visited by the user. When one of a specific set of banking-related URLs is visited, the Trojan logs all inputted details and submits them to the author using a PHP script on a preconfigured web site.

 

This Trojan installs a keylogger on affected machines. It monitors a user's Internet browser and verifies if the address bar contains any of the following strings:

. *abc517.net*

. *e-gold*

. *e-gold.com/acct/accountinfo.asp*

. *e-gold.com/acct/balance.asp*

. *e-gold.com/acct/login.html*

. https://www.e-gold.com/acct/accountinfo.asp

. https://www.e-gold.com/acct/balance.asp

 

Once it detects that affected users are browsing over the said sites, it starts logging keystrokes made by the said users. It eventually sends the logged keystrokes to a remote user. It runs on Windows 95, 98, ME, NT, 2000, and XP.

 

You may also want to visit http://www.lurhq.com/grams for information on Keyloggers that may be installed on your computer.

 

We investigated and placed a value limit on account # 2682136 to prevent it from receiving additional funds. Unfortunately we will not be able to refund your money because all e-gold spends are final and not reversible as stated in the e-gold account user agreement. e-gold is also contractually prohibited from freezing e-gold accounts or releasing e-gold account information in the absence of a court order or subpoena. You might want to consider obtaining some combination of help from a legal professional or law enforcement to obtain a court order, if the size of your loss warrants expenditure of your resources (time and money) to resolve.

 

If you obtain a court order, in order to ensure you get all pertinent information please:

 

- Ask for e-gold account profile information for account # 2682136

- Ask for transaction history information for account # 2682136

- Ask for information on any other accounts owned or controlled by the individual

- Ask for Disposition of funds in question "what account are the funds currently located, this is in case they have been moved around"

- If applicable, ask for stabilization of the funds in question "freezing of the account if the funds are still under the control of the perpetrator"

- Ask for account profile information for the account where the funds are currently located. This will be needed in case you have to subpoena the third party account owner.

 

This court order should be presented by fax (initially) and then with hard copy to:

 

e-gold Ltd.

c/o The Office of the Shareholders

Attn: Hil de Frias

Mello, Jones & Martin

Reid House 31 Church Street

Hamilton

Bermuda, HM 12

FAX: 441 296-4172

 

Thank You,

Due Diligence Unit
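
Added example, not part of the original post or the quoted e-mail: a small triage script that reads saved output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and flags autorun values that reference the file names the post mentions (svhost.exe, gdiwxp.dll, 0.exe). The sample output, the `ExampleUpdater` and `ExampleHelper` entries and all function names are constructed for illustration.

```python
import re

# File names taken from the post: the regedit search terms and the Run-key target.
PAGE_INDICATORS = {"svhost.exe", "gdiwxp.dll", "0.exe"}

# Constructed sample of `reg query` output; only the Shell entry mirrors the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Shell    REG_SZ    C:\Windows\svhost.exe
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    ExampleHelper    REG_EXPAND_SZ    rundll32.exe C:\Windows\System32\gdiwxp.dll,Start
"""

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Any .exe/.dll base name inside a command line, quoted or not.
FILE_NAME = re.compile(r'[^\\/"\s,]+\.(?:exe|dll)', re.IGNORECASE)


def parse_reg_query(text):
    """Yield (key, value_name, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_LINE.match(line)
        if match and key:
            yield key, match.group("name"), match.group("data")


def find_hits(text):
    """Return (key, value_name, matched_names) for values naming a listed file."""
    hits = []
    for key, name, data in parse_reg_query(text):
        files = {f.lower() for f in FILE_NAME.findall(data)}
        matched = sorted(files & PAGE_INDICATORS)
        if matched:
            hits.append((key, name, matched))
    return hits


if __name__ == "__main__":
    for key, name, matched in find_hits(SAMPLE):
        print(f"{key}\\{name}: references {', '.join(matched)}")
```

The match is on the exact base name, so the legitimate svchost.exe is not flagged while the look-alike svhost.exe is.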
