
Trojan.PWS.Tupai.A

MEDIUM
MEDIUM
approx 52700 bytes

Symptoms

Presence of setupapi.dll in the Internet Explorer folder

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Mihai Razvan Benchea, virus researcher

Technical Description:

The file is usually dropped in the Internet Explorer folder under the name setupapi.dll. The trojan is used to steal passwords for FTP servers. To obtain this information it searches for well-known FTP programs installed on the client's computer and, depending on which program is installed, tries to decrypt the stored FTP server addresses and passwords. After decryption it encrypts the data using its own algorithm and sends it to http://85.225.[hidden].198/ftpg/ftp.php.
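As an added detection example (not part of BitDefender's analysis), the following Python script checks for the two indicators the description gives: the dropped setupapi.dll in the Internet Explorer folder and HTTP requests to the /ftpg/ftp.php exfiltration path. The proxy-log layout, the sample log lines and the third octet of the address are constructed assumptions, since the page redacts that octet.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the description above.
DROPPED_DLL = "setupapi.dll"
EXFIL_PATH = "/ftpg/ftp.php"
# The page redacts the third octet of the C2 address, so this pattern (an assumption)
# only pins the published octets of 85.225.[hidden].198.
EXFIL_HOST_RE = re.compile(r"^85\.225\.\d{1,3}\.198$")

def check_dropped_dll(ie_dir):
    """Path of setupapi.dll inside the Internet Explorer folder, or None.
    A legitimate setupapi.dll lives in the Windows system directory, not here."""
    candidate = Path(ie_dir) / DROPPED_DLL
    return str(candidate) if candidate.is_file() else None

# Constructed proxy-log layout (assumption): "<date> <time> <client> <method> <url>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+) (?P<method>[A-Z]+) "
    r"https?://(?P<host>[^/:\s]+)(?::\d+)?(?P<path>/\S*)?"
)

def find_exfil_requests(log_lines):
    """(timestamp, client, host) for every request to the C2 path on a matching host."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host, path = m.group("host"), (m.group("path") or "/").split("?")[0]
        if path == EXFIL_PATH and EXFIL_HOST_RE.match(host):
            hits.append((m.group("ts"), m.group("src"), host))
    return hits

def demo_dropped_dll():
    """Simulate the drop in a constructed folder; returns (before, after) results."""
    with tempfile.TemporaryDirectory() as tmp:
        ie_dir = Path(tmp) / "Internet Explorer"
        ie_dir.mkdir()
        before = check_dropped_dll(ie_dir)
        (ie_dir / DROPPED_DLL).write_bytes(b"MZ")  # placeholder bytes, not a real binary
        return before, check_dropped_dll(ie_dir) is not None

# Constructed sample log; the third octet 0 stands in for the redacted one.
SAMPLE_LOG = [
    "2009-03-02 10:15:01 10.0.0.5 GET http://www.example.com/index.html",
    "2009-03-02 10:15:09 10.0.0.5 POST http://85.225.0.198/ftpg/ftp.php",
    "2009-03-02 10:16:30 10.0.0.7 GET http://85.225.0.198/other.php",
]
```

On a real host, point check_dropped_dll at the actual Internet Explorer program folder and feed find_exfil_requests your proxy export after adapting LOG_RE to its column order.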

Stored credentials of the following programs are vulnerable:

SecureFX

Ipswitch

FTPWare

Rhine Software

FileZilla

Total Commander

BulletProof FTP

GlobalSCAPE FTP

CoffeeCup FTP

FTP Commander Pro

SmartFTP

LeapFTP

Far