This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects traffic related to Infostealer.Fysna.
When the Trojan executes, it creates the following files:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\spoolsv.exe
The Trojan will also drop the following file:
The Trojan then connects to the following remote location to get the public IP address of the compromised computer:
The Trojan uses the following regular expressions to scan the memory of running processes in order to find sets of strings:
The Trojan will then execute Tor.exe to connect to the following remote locations:
The Trojan may then perform the following malicious activities:
Log keystrokes and the title of the active window
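A defender-side check built from the indicators above, as an added example that is not part of the original write-up: it flags process image paths where spoolsv.exe runs outside System32, where an executable runs from a Startup folder, or where Tor.exe is launched. The host names, the sample events, the Tor.exe location and the C:\Windows system root are constructed assumptions.

```python
import ntpath

# Assumption: default system root. The genuine print spooler lives here.
SYSTEM32 = r"c:\windows\system32"
# The page reports the Trojan's copy under this name in the Startup folder.
MASQUERADED_NAMES = {"spoolsv.exe"}
# Suffix shared by the legacy "All Users" and modern ProgramData/per-user paths.
STARTUP_SUFFIX = r"\start menu\programs\startup"


def classify(image_path):
    """Return the findings raised by one process image path."""
    path = ntpath.normpath(image_path.strip().strip('"')).lower()
    directory, name = ntpath.split(path)
    findings = []
    if name in MASQUERADED_NAMES and directory != SYSTEM32:
        findings.append("system-binary-name-outside-system32")
    if directory.endswith(STARTUP_SUFFIX) and name.endswith(".exe"):
        findings.append("executable-in-startup-folder")
    if name == "tor.exe":
        findings.append("tor-client-execution")
    return findings


def scan(events):
    """events: iterable of (host, image_path); returns only flagged events."""
    hits = []
    for host, image in events:
        findings = classify(image)
        if findings:
            hits.append((host, image, findings))
    return hits


# Constructed sample process-creation records (not taken from real telemetry).
SAMPLE_EVENTS = [
    ("WS-01", r"C:\WINDOWS\system32\spoolsv.exe"),
    ("WS-02", r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\spoolsv.exe"),
    ("WS-02", r"C:\Documents and Settings\user\Local Settings\Temp\Tor.exe"),
    ("WS-03", r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
]

if __name__ == "__main__":
    for host, image, findings in scan(SAMPLE_EVENTS):
        print(host, image, ", ".join(findings))
```

The Startup-folder and Tor findings are heuristics: some legitimate software does both, so treat a hit as a lead to triage, with the spoolsv.exe name outside System32 being the strongest of the three.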