The Berbew family of Trojans retrieves passwords stored on an infected system and sends them to a remote Web server. It also acts as a Web proxy, which allows attackers to use the infected system as a relay for remote access to other systems. Users can become infected with Trojans like Berbew in a number of ways: opening unknown e-mail attachments, running downloaded programs, or using peer-to-peer file-sharing programs.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date antivirus product such as the following:
When this Trojan is run, it creates two files in the system folder: an .exe file and a .dll file. These files have random file names. The .dll file is installed as a shell extension and loaded by Explorer.exe when the system starts. The .dll then loads and runs the .exe file. The Trojan also creates several files that contain user-specific information.
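The persistence described above (a randomly named .dll in the system folder, registered as a shell extension and paired with an .exe) can be audited with a script like the following. This is an added example, not part of the original write-up; the registry locations are general Windows shell-extension registration points and the 60-second pairing window is an assumption, since the page names neither.

```powershell
# Added example: list in-process shell extensions whose DLL sits in the system
# folder and lacks a valid signature. Assumption: these are general Windows
# registration points; the page does not say which one Berbew uses.
$sys = [Environment]::SystemDirectory
$sources = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
)

# A CLSID may appear as the value name or as the value data, depending on the key.
$clsids = foreach ($key in $sources) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        foreach ($text in @($name, [string]$item.GetValue($name))) {
            if ($text -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] }
        }
    }
}

$findings = foreach ($clsid in ($clsids | Sort-Object -Unique)) {
    $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $inproc)) { continue }
    $raw = (Get-Item -LiteralPath $inproc).GetValue('')
    if (-not $raw) { continue }
    $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
    if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $sys $dll }
    if (-not (Test-Path -LiteralPath $dll)) { continue }
    $file = Get-Item -LiteralPath $dll
    if ($file.DirectoryName -ne $sys) { continue }   # -ne is case-insensitive
    $sig = Get-AuthenticodeSignature -LiteralPath $dll
    if ($sig.Status -eq 'Valid') { continue }
    # Assumption: an .exe created in the same folder within 60 seconds of the
    # DLL is treated as the companion file described in the text.
    $near = Get-ChildItem -LiteralPath $sys -Filter *.exe -File | Where-Object {
        [math]::Abs(($_.CreationTimeUtc - $file.CreationTimeUtc).TotalSeconds) -lt 60 }
    [pscustomobject]@{
        Clsid = $clsid; Dll = $dll; Signature = $sig.Status
        Created = $file.CreationTimeUtc; NearbyExe = ($near.Name -join ', ')
    }
}
$findings | Sort-Object Created -Descending | Format-Table -AutoSize
```

Rows in the output are leads for review rather than verdicts: on older Windows versions catalog-signed system DLLs can be reported as unsigned, and only the 64-bit registry view is inspected when run from a 64-bit shell.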
The Trojan acts as a Web proxy, allowing attackers to use the infected system as a relay to access other Web servers.
Later versions of this Trojan also log users' login details for online banking and other financial services. These details are sent to a remote Web server for retrieval by the attackers.
Later versions of this Trojan can also download and install updates from a list of Web sites built into the Trojan.