Trojan:Win32/Kuluoz.gen!A is a trojan that steals information. It looks for files used by the browsers Firefox and Opera that may contain user names and passwords. It also looks for document files and spreadsheets, which it packs into an archive file. It sends the browser files and the archive file to a remote server.
Trojan:Win32/Kuluoz.gen!A adds the following registry entry as part of its installation process:
In subkey: HKCU\Software\hkhuiih
Sets value: "kghjgrdgf"
With data: "1"
Trojan:Win32/Kuluoz.gen!A looks for the files "signons.sqlite", "key3.db", and "wand.dat" in the following folders:
These files are used by the browsers Firefox and Opera to store user names and passwords. If found, Trojan:Win32/Kuluoz.gen!A steals the contents.
Trojan:Win32/Kuluoz.gen!A also looks for document files and spreadsheets that contain potentially sensitive information. It then bundles these, along with the browser files, into a randomly named .ZIP file, and sends it to the server "everkosmo2012.ru" via port 8000.
Analysis by Tim Liu
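The behaviors described above (the registry marker, reads of the browser credential files, and the connection to the server on port 8000) can be matched against endpoint telemetry. The following is an added example, not part of the original analysis: the event schema, host names, process names and file paths in the sample data are constructed, and treating firefox.exe and opera.exe as the only expected readers of these files is an assumption.

```python
import ntpath
from collections import defaultdict

# Indicators taken from the description above.
REG_KEY, REG_VALUE = r"hkcu\software\hkhuiih", "kghjgrdgf"
CRED_FILES = {"signons.sqlite", "key3.db", "wand.dat"}
C2_HOST, C2_PORT = "everkosmo2012.ru", 8000
# Assumption: only the browsers themselves normally open these files.
BROWSERS = {"firefox.exe", "opera.exe"}

def classify(ev):
    """Return the name of the indicator an event matches, or None."""
    if ev["type"] == "reg_set":
        if ev["key"].lower().rstrip("\\") == REG_KEY and ev["value"].lower() == REG_VALUE:
            return "registry_marker"
    elif ev["type"] == "file_read":
        reader = ntpath.basename(ev["image"]).lower()
        if ntpath.basename(ev["path"]).lower() in CRED_FILES and reader not in BROWSERS:
            return "credential_store_read"
    elif ev["type"] == "net_connect":
        if ev["dest_host"].lower().rstrip(".") == C2_HOST and ev["dest_port"] == C2_PORT:
            return "exfil_server"

def triage(events):
    """Group matched indicators per (host, pid) and attach a verdict."""
    hits = defaultdict(set)
    for ev in events:
        name = classify(ev)
        if name:
            hits[(ev["host"], ev["pid"])].add(name)
    # The registry marker and the server are specific to this trojan; a
    # credential-store read by a non-browser alone only warrants review.
    return {proc: ("likely" if names & {"registry_marker", "exfil_server"} else "review",
                   sorted(names)) for proc, names in hits.items()}

# Constructed sample events in a hypothetical schema (not real telemetry).
TEMP_EXE = r"C:\Users\a\AppData\Local\Temp\xk.exe"
SAMPLE = [
    {"host": "WS01", "pid": 4120, "image": TEMP_EXE, "type": "reg_set",
     "key": r"HKCU\Software\hkhuiih", "value": "kghjgrdgf", "data": "1"},
    {"host": "WS01", "pid": 4120, "image": TEMP_EXE, "type": "file_read",
     "path": r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\signons.sqlite"},
    {"host": "WS01", "pid": 4120, "image": TEMP_EXE, "type": "net_connect",
     "dest_host": "everkosmo2012.ru", "dest_port": 8000},
    {"host": "WS02", "pid": 900, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "type": "file_read", "path": r"C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\y.default\key3.db"},
    {"host": "WS03", "pid": 77, "image": r"C:\Tools\backup.exe", "type": "file_read",
     "path": r"C:\Users\c\AppData\Roaming\Opera\Opera\wand.dat"},
]
```

Calling `triage(SAMPLE)` marks the WS01 process as "likely" with all three indicators, ignores Firefox reading its own key3.db on WS02, and flags the non-browser read on WS03 for review.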
The following system changes may indicate the presence of this malware: