
System Infected: Trojan.Travnet Activity 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Trojan.Travnet activity on a compromised system.

Additional Information

This Trojan may be dropped by document files containing exploits (Trojan.Mdropper).

When the Trojan is executed, it creates the following files:

%Temp%\ie.log
%Temp%\netmgr.dll
%Temp%\netmgr.exe
%Temp%\perf2012.ini
%Temp%\sysinfo2012.dll
%Temp%\winlogin.exe
%UserProfile%\Start Menu\Programs\Startup\netmgr.lnk


Next, the Trojan steals files with the following extensions:

.doc
.docx
.pdf
.rtf
.txt
.xls
.xlsx


It may also steal email user names and passwords.
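
The file artifacts listed above can be swept for in endpoint file-creation telemetry. The following Python sketch is an added example, not Symantec's signature logic: the host names, user names and sample paths are constructed, and the handling of numbered `Temp` session subdirectories and of the newer `AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup` location is an assumption beyond the paths given on this page.

```python
import ntpath
from collections import defaultdict

# File names this page lists under %Temp%
TEMP_ARTIFACTS = {"ie.log", "netmgr.dll", "netmgr.exe", "perf2012.ini",
                  "sysinfo2012.dll", "winlogin.exe"}
# Persistence shortcut this page lists under the user's Startup folder
STARTUP_ARTIFACT = "netmgr.lnk"

def classify(path):
    """Return 'temp', 'startup' or None for one Windows file path."""
    directory, name = ntpath.split(ntpath.normpath(path).lower())
    parts = directory.split("\\")
    # %Temp% normally ends in \Temp; terminal servers append a session number.
    in_temp = parts[-1] == "temp" or (
        parts[-1].isdigit() and parts[-2:-1] == ["temp"])
    if name in TEMP_ARTIFACTS and in_temp:
        return "temp"
    # Matching the path tail covers both the XP layout and the newer one.
    if name == STARTUP_ARTIFACT and parts[-3:] == ["start menu", "programs", "startup"]:
        return "startup"
    return None

def sweep(events):
    """events: iterable of (host, path) pairs from file-creation logs."""
    hits = defaultdict(lambda: {"files": set(), "persistence": False})
    for host, path in events:
        kind = classify(path)
        if kind is None:
            continue
        hits[host]["files"].add(ntpath.basename(path).lower())
        if kind == "startup":
            hits[host]["persistence"] = True
    return {h: {"files": sorted(v["files"]), "persistence": v["persistence"]}
            for h, v in hits.items()}

# Constructed sample events (hosts, users and paths are illustrative only).
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Users\alice\AppData\Local\Temp\netmgr.exe"),
    ("WS-01", r"C:\Users\alice\AppData\Local\Temp\PERF2012.INI"),
    ("WS-01", r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk"),
    ("WS-02", r"C:\Documents and Settings\bob\Local Settings\Temp\sysinfo2012.dll"),
    ("WS-03", r"C:\Program Files\Vendor\winlogin.exe"),  # same name, not in Temp
    ("WS-03", r"C:\Users\carol\Documents\report.docx"),
]

if __name__ == "__main__":
    for host, result in sweep(SAMPLE_EVENTS).items():
        print(host, result)
```

A single generic name such as `ie.log` is a weak indicator on its own; several listed files on one host, or the Startup shortcut, is a stronger signal.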

Affected

  • Various Windows platforms