[INFO]
AnalystName=Haja
AnalystEMailID=hajan@comodo.com
Team=India
Date=01-APR-2010
Type=TrojWare
Platform=Win32
SubType=
Family=Emis
Variant=A

[OVERVIEW]
This Trojan horse program records keystrokes, captures screen images, and steals confidential information from the victim machine, then sends it to the remote attacker.

[TECHNICAL_DESCRIPTION]
Once executed, the Trojan copies itself to the following location:
%Temp%\wscnfy32.exe

Files Added:
%ProgramFiles%\Internet Explorer\setupapi.dll
%Windir%\msacm32.drv
%System%\wuasirvy.dll

msacm32.drv hooks into winlogon.exe.

[SYMPTOMS]

[DISINFECTION]
Manual Removal Instruction:
1. Delete the following files in %Windir%:
msacm32.drv
wuasirvy.dll