1. /
  2. Security Response/
  3. Infostealer.Tarno.B

Infostealer.Tarno.B

Risk Level 1: Very Low

Discovered:
February 26, 2004
Updated:
February 13, 2007 12:53:57 PM
Also Known As:
PWSteal.Tarno.B
Type:
Trojan Horse
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Infostealer.Tarno.B is a Trojan Horse that attempts to intercept user names and passwords, and other computer information. It sends the user names and passwords to a certain email address using its own SMTP engine.


NOTE : Definitions prior to May 10, 2006 may detect this threat as PWSteal.Tarno.B



The Trojan looks for the following processes:
    VetTray.exe
    AutoDown.exe
    Rescue.exe
    WRCTRL.EXE
    WRADMIN.EXE
    ICSUPPNT.EXE
    ZONEALARM.EXE
    IOMON98.EXE
    GUARD.EXE
    DOORS.EXE
    PCCIOMON.EXE
    AvkServ.exe
    AckWin32.exe
    notstart.exe
    AVSYNMGR.EXE
    WebScanX.exe
    Mcshield.exe
    VSHWIN32.EXE
    VSECOMR.EXE
    WEBSCANX.EXE
    AVCONSOL.EXE
    VSSTAT.EXE
    ALOGSERV.EXE
    SPHINX.EXE
    LOCKDOWN2000.EXE
    cleaner3.exe
    cleaner.exe
    tca.exe
    MOOLIVE.EXE
    WrCtrl.exe
    WrAdmin.exe
    WrCtrl.exe
    ZATUTOR.EXE
    MINILOG.EXE
    VSMON.EXE
    blackice.exe
    blackd.exe
    FRW.EXE
    iamapp.exe
    iamserv.exe
    Anti-Trojan.exe
    ANTS.EXE
    IFACE.EXE
    ICLOAD95.EXE
    ICMON.EXE
    ICSUPP95.EXE
    ICLOADNT.EXE
    ICSUPPNT.EXE
    NAVAPW32.EXE
    NAVW32.EXE
    _AVP32.EXE
    _AVPCC.EXE
    _AVPM.EXE
    AVP32.EXE
    AVPCC.EXE
    AVPM.EXE
    AVP.EXE
    ZAUINST.EXE
    NAVAPW32.EXE
    FAST.EXE
    GUARD.EXE
    AUTOUPDATE.EXE
    TC.EXE
    NSCHED32.EXE
    TCA.EXE
    TCM.EXE
    TDS-3.EXE
    SS3EDIT.EXE
    ATCON.EXE
    ATUPDATER.EXE
    ATWATCH.EXE
    WGFE95.EXE
    POPROXY.EXE
    NPROTECT.EXE
    VSSTAT.EXE
    VSHWIN32.EXE
    NDD32.EXE
    MCAGENT.EXE
    MCUPDATE.EXE
    WATCHDOG.EXE
    TAUMON.EXE
    IAMAPP.EXE
    IAMSERV.EXE
    TFAK.EXE
    SPYXX.EXE
    ATCON.EXE
    FRW.EXE
    Smc.exe
    NeoWatchTray.exe
    NeoWatchLog.exe
    NTXconfig.exe
    NWService.exe
    AutoTrace.exe
    cpd.exe
    AVXMONITOR9X.EXE
    ISRV95.EXE
    REALMON95.EXE
    NAVAPW32.EXE
    RTVSCN95.EXE
    DEFWATCH.EXE
    VPTRAY.EXE
    TFAK.EXE
    WEBTRAP.EXE
    LUCOMSERVER.EXE
    TRJSCAN.EXE
    POP3TRAP.EXE
    ALERTSVC.EXE
    SS3EDIT.EXE
    JEDI.EXE
    MONITOR.EXE
    MCAGENT.EXE
    MCUPDATE.EXE
    IFACE.EXE
    NISUM.EXE
    NISSERV
    ACKWIN32.EXE
    AVKSERV.EXE
    NMAIN.EXE
    F-PROT95.EXE
    F-AGNT95.EXE
    SPYXX.EXE
    PERSFW.EXE
    SWNETSUP.EXE
    SymProxySvc.exe
    SYNMGR.EXE
    NavLu32.exe
    Navw32.exe
    AVXMONITOR9X.EXE
    AVXMONITORNT.EXE
    AVXQUAR.EXE
    NORMIST.EXE
    NVC95.EXE
    Claw95cf.exe
    Claw95.exe
    Nupgrade.exe
    AVGCC32.EXE
    AVGCTRL.EXE
    AVGSERV.EXE
    ICSUPP95.EXE
    ICLOADNT.EXE

Antivirus Protection Dates

  • Initial Rapid Release version February 26, 2004
  • Latest Rapid Release version December 23, 2014 revision 019
  • Initial Daily Certified version February 26, 2004 revision 002
  • Latest Daily Certified version December 24, 2014 revision 001
  • Initial Weekly Certified release date March 3, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Writeup By: John Canavan

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver