
Trojan:Win32/Mediyes.B


Trojan:Win32/Mediyes.B is the DLL component of the Mediyes family, a multi-component family that steals account information for online payment systems.



What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Threat behavior

Installation

Trojan:Win32/Mediyes.B may be dropped and installed in the system by other members of the Mediyes family. Trojan:Win32/Mediyes.B is injected into browser processes such as the following:

  • firefox.exe
  • chrome.exe
  • iexplore.exe
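
One defensive triage heuristic for the injection behaviour described above, added here as an example and not part of the original write-up: given a snapshot of (process name, loaded-module path) pairs, such as one gathered with `tasklist /m` or PowerShell `Get-Process | Select -Expand Modules`, it flags DLLs loaded into the three browser processes from user-writable or non-standard locations. The trusted roots, user-writable markers and the sample snapshot are constructed assumptions, not indicators from the page.

```python
"""Flag DLLs loaded into browser processes from unexpected locations.

Heuristic only: a module in a user-writable directory is not proof of
injection, and legitimate per-user installs need allowlisting.
"""

# Browser processes the write-up names as injection targets.
BROWSERS = {"firefox.exe", "chrome.exe", "iexplore.exe"}

# Constructed assumption: where OS and machine-wide browser modules normally live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed assumption: per-user install directories that are expected.
ALLOWED_USER_DIRS = ("\\appdata\\local\\google\\chrome\\",)

# Constructed assumption: user-writable locations a dropped DLL often lands in.
SUSPECT_MARKERS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                   "c:\\users\\public\\", "c:\\programdata\\")


def classify(process_name: str, module_path: str):
    """Return a reason string if the module merits a look, else None."""
    if process_name.lower() not in BROWSERS:
        return None  # only browser processes are in scope here
    path = module_path.lower()
    for marker in SUSPECT_MARKERS:
        if marker in path:
            return f"loaded from user-writable location ({marker.strip(chr(92))})"
    if not path.startswith(TRUSTED_ROOTS) and not any(d in path for d in ALLOWED_USER_DIRS):
        return "loaded from outside trusted install roots"
    return None


def suspicious_browser_modules(snapshot):
    """snapshot: iterable of (process_name, module_path); returns flagged rows."""
    findings = []
    for proc, path in snapshot:
        reason = classify(proc, path)
        if reason:
            findings.append((proc, path, reason))
    return findings


# Constructed sample snapshot (not real telemetry).
SAMPLE_SNAPSHOT = [
    ("chrome.exe", "C:\\Program Files\\Google\\Chrome\\Application\\chrome.dll"),
    ("chrome.exe", "C:\\Windows\\System32\\ntdll.dll"),
    ("chrome.exe", "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\Application\\chrome.dll"),
    ("firefox.exe", "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.dll"),
    ("iexplore.exe", "C:\\ProgramData\\svc\\helper.dll"),
    ("firefox.exe", "D:\\tools\\hook.dll"),
    ("explorer.exe", "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.dll"),  # not a browser
]

if __name__ == "__main__":
    for row in suspicious_browser_modules(SAMPLE_SNAPSHOT):
        print(*row, sep=" | ")
```

Flagged modules should then be checked by hash and signature against a reputation source rather than treated as confirmed malicious.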

Payload

Connects to a remote server

Trojan:Win32/Mediyes.B may connect to a remote server to perform the following actions:

  • get configuration file
  • notify the server of a successful installation
  • get additional information

Analysis by Elda Dimakiling


Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.


Prevention


Alert level: Severe
First detected by definition: 1.121.1200.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Mar 09, 2012
This entry was first published on: Mar 09, 2012
This entry was updated on: Mar 23, 2012

This threat is also detected as:
  • Trojan.Mediyes!BKJRFHzFDHM (VirusBuster)
  • TR/Mediyes.B.18 (Avira)
  • Win32/Mediyes.D trojan (ESET)
  • Trojan.Win32.Mediyes (Ikarus)
  • Trojan.Win32.Mediyes.ag (Kaspersky)
  • Troj/Mediys-Gen (Sophos)