Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Short description
Win32/Chip.A is a trojan that steals passwords and other sensitive information. The trojan can send the information to a remote machine.
Installation
When executed, the trojan copies itself into the folder:
  • %windir%
with the following file names:
  • lsass.exe
In order to be executed on every system start, the trojan sets the following Registry entry:
  • [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "lsass.exe" = "%windir%\lsass.exe"
Information stealing
Win32/Chip.A is a trojan that steals account names and passwords for the following online games:
  • Tibia
The trojan contains a list of (1) IP addresses. The trojan can send the information to a remote machine. The HTTP protocol is used.
Other information
If it succeeds, the trojan removes itself from the computer.