Gypthoy Malware Traffic Sample PCAP File Download
PWS:Win32/Gypthoy.A is a trojan that is specifically used to capture personal information, such as user names and passwords, and then send that information to a remote attacker.
PWS:Win32/Gypthoy.A creates the following files on an affected computer:
c:\documents and settings\administrator\local settings\temp\fgb.html
c:\documents and settings\administrator\local settings\temp\mail1.htm
c:\documents and settings\all users\common files\dsc.exe – detected as PWS:Win32/Gypthoy.A
The malware modifies the following registry entries to ensure c:\documents and settings\all users\common files\dsc.exe executes at each Windows start: