;Template Description for Analyst:
;AnalystName: Enter your complete name
;AnalystEMailID: E-mail ID of the analyst
;Team: Specify the team you belong to: China, India, Romania or Ukraine
;Date: Date in dd-MMM-yyyy format on which you write or update this description, e.g. 10-JAN-2010
;Type: Taken from the malware name; for Virus.Win32.Virut the Type is Virus
;Platform: Always Win32 as of now
;Family: The family this description belongs to
;Variant: If you are writing for a specific variant in a family, say so, e.g. Virus.Win32.Virut.CE
;OVERVIEW: Give a brief overview of the malware's behaviour
;TECHNICAL_DESCRIPTION: Give the complete technical description
;SYMPTOMS: If an infected system shows any symptoms that the end user can notice, list them here
;DISINFECTION: Manual steps the user can take to remove the malware, such as deleting specific registry entries or files, go here.
;
;The "Removal instructions" at http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782790 are a good example.
;Here are a few example links where other vendors have published information in various
;http://www.symantec.com/security_response/writeup.jsp?docid=2009-020411-2802-99
;http://www.f-secure.com/v-descs/virus_w32_virut.shtml
;http://vil.nai.com/vil/content/v_154029.htm
;http://www.avast.com/eng/win32beagle.html
;http://free.avg.com/ww-en/66558
;http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782790
;This ini file should be filled in for every major variant and attached to the related ticket in trac

[INFO]
AnalystName=Ashwin Vamshi K
AnalystEMailID=ashwinv@comodo.com
Team=India
Date=14-APR-2010
Type=TrojWare
Platform=Win32
SubType=
Family=Swisyn
Variant=A

[OVERVIEW]
This Trojan poses as a legitimate program while secretly performing malicious functions. Most Swisyn files are compiled in Delphi or Visual Basic and packed with various packers.
Infection is usually user-initiated; some of the files add autorun entries so that they are launched again at each logon. Most variants show injector and keylogging activity.

[TECHNICAL_DESCRIPTION]
Registry Values Added:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Dllhost

Files Added:
%UserDir%\Local Settings\Application Data\appdata.dll
%UserDir%\Local Settings\Application Data\dllhost.exe

Note: the dropped dllhost.exe borrows the name of the legitimate Windows COM Surrogate, %SystemRoot%\System32\dllhost.exe. The legitimate binary is never started from a user profile folder or registered under HKCU\...\Run, so a dllhost.exe under Local Settings\Application Data, or a "Dllhost" Run value, is the malicious one.

[SYMPTOMS]
The computer may slow down dramatically.
Several unknown processes may be running on the computer.

[DISINFECTION]
Delete the registry value added by Swisyn (the "Dllhost" value under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
Delete the IE temporary files, restart the computer and run a full scan with COMODO Internet Security.
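;Added example (not part of the Comodo description): a PowerShell script that checks the current user's profile for the indicators listed under TECHNICAL_DESCRIPTION (the "Dllhost" Run value, the two dropped files, and a running dllhost.exe started from the drop folder) and, only when run with -Remove, carries out the registry and file deletion described under DISINFECTION. It assumes PowerShell 4 or later and that the XP-era "Local Settings\Application Data" path in the description corresponds to %LOCALAPPDATA% on Vista and later, so both locations are checked. The -Remove switch, the variable names and the report format are the example's own, not Comodo's.

```powershell
# Added example, not Comodo's code: report (and with -Remove, clean) the Swisyn.A
# indicators from the description above. Assumes PowerShell 4+ (Get-FileHash).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # without this switch the script only reports
)

$runKey    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Dllhost'

# Candidate drop directories: the XP path from the description and its modern equivalent
# (%LOCALAPPDATA%), which is an assumption of this example.
$dropDirs = @(
    (Join-Path $env:USERPROFILE 'Local Settings\Application Data'),
    $env:LOCALAPPDATA
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$dropFiles = foreach ($d in $dropDirs) {
    Join-Path $d 'appdata.dll'
    Join-Path $d 'dllhost.exe'
}

$findings = @()

# 1. Persistence: the "Dllhost" value under the user's Run key. The legitimate COM Surrogate
#    (%SystemRoot%\System32\dllhost.exe) is never registered there, so any hit is suspicious.
$runVal = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($runVal) {
    $findings += [pscustomobject]@{ Kind = 'RegistryValue'; Path = "$runKey\$valueName"; Data = $runVal.$valueName }
}

# 2. Dropped files, with a SHA-256 so the analyst can record the sample.
foreach ($f in $dropFiles) {
    if (Test-Path -LiteralPath $f) {
        $findings += [pscustomobject]@{ Kind = 'File'; Path = $f; Data = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash }
    }
}

# 3. A running dllhost.exe whose image path is the dropped copy, not the System32 one.
#    -contains compares case-insensitively, which is what Windows paths need.
Get-Process -Name dllhost -ErrorAction SilentlyContinue | ForEach-Object {
    $img = $_.Path
    if ($img -and ($dropFiles -contains $img)) {
        $findings += [pscustomobject]@{ Kind = 'Process'; Path = $img; Data = "PID $($_.Id)" }
    }
}

if (-not $findings) { Write-Host 'No Swisyn.A indicators found.'; return }
$findings | Format-Table -AutoSize

if ($Remove) {
    # Stop the malicious process first so its image can be deleted, then remove the
    # persistence value and the dropped files. ShouldProcess makes -WhatIf a dry run.
    $findings | Where-Object Kind -eq 'Process' | ForEach-Object {
        $procId = [int]($_.Data -replace 'PID ', '')
        Stop-Process -Id $procId -Force -ErrorAction SilentlyContinue
    }
    if ($findings | Where-Object Kind -eq 'RegistryValue') {
        if ($PSCmdlet.ShouldProcess("$runKey\$valueName", 'Remove-ItemProperty')) {
            Remove-ItemProperty -Path $runKey -Name $valueName -ErrorAction Stop
        }
    }
    $findings | Where-Object Kind -eq 'File' | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.Path, 'Remove-Item')) {
            Remove-Item -LiteralPath $_.Path -Force -ErrorAction Stop
        }
    }
    Write-Host 'Indicators removed. Restart the computer and run a full scan.'
}
```

;Run the script with no arguments to get a report only; add -Remove -WhatIf to preview the deletions and -Remove to perform them, then restart and run the full scan as the DISINFECTION section says. The script deliberately never touches %SystemRoot%\System32\dllhost.exe: only a dllhost.exe found at one of the drop paths above is treated as Swisyn.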