Behavior: TrojanSpy
Technical
This Trojan tracks the user's Internet activity. It is a Windows PE EXE file. It is 155648 bytes in size.
Process
The Trojan loads itself into all processes that have been launched on the system. It then intercepts the following system functions:
NtQueryDirectoryFile
NtQuerySystemInformation
It does this in order to hide the files shown below on the hard disk:
qttask.exe
odbcct32.dll
perfc053.dat
and to exclude the following process
qttask.exe
from the list of system processes.
The Trojan also hooks the following API functions:
HttpSendRequest
InternetCrackUrl
which it uses to track sites visited by the user and information transmitted.
Harvested data is saved to the following log file:
%WinDir%\KB873841.log
Removal
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
1. Use Task Manager to terminate the malicious program’s process.
2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
3. Delete the following file:
%WinDir%\KB873841.log
4. Update your antivirus databases and perform a full scan of the computer.
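
Added example, not part of the original description: because the NtQueryDirectoryFile hook hides the listed files from directory listings on the running system, this triage check is meant to be run against the disk mounted offline from a clean environment. The function names, the constructed test tree and the use of the stated 155648-byte size as a hint are assumptions of this example; a name match alone is only a lead to investigate.

```python
import os
import tempfile

# Artifact names and size come from the description above.
HIDDEN_FILES = {"qttask.exe", "odbcct32.dll", "perfc053.dat"}
LOG_FILE = "kb873841.log"   # harvested-data log in %WinDir%
SAMPLE_SIZE = 155648        # stated Trojan size; equal size is only a hint (assumption)


def scan_volume(root):
    """Walk an offline-mounted volume; return one dict per name match."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower not in HIDDEN_FILES and lower != LOG_FILE:
                continue
            path = os.path.join(dirpath, name)
            size = os.path.getsize(path)
            findings.append({
                "path": path,
                "kind": "harvest_log" if lower == LOG_FILE else "hidden_file",
                "size": size,
                "size_matches_sample": size == SAMPLE_SIZE,
            })
    return sorted(findings, key=lambda f: f["path"].lower())


def build_constructed_volume(root):
    """Create a small constructed directory tree to exercise the scan."""
    windir = os.path.join(root, "WINDOWS")
    system32 = os.path.join(windir, "system32")
    os.makedirs(system32)
    samples = {
        os.path.join(windir, "KB873841.log"): 120,
        os.path.join(system32, "QTTask.exe"): SAMPLE_SIZE,
        os.path.join(system32, "odbcct32.dll"): 4096,
        os.path.join(system32, "notepad.exe"): 2048,   # benign control
    }
    for path, size in samples.items():
        with open(path, "wb") as handle:
            handle.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as volume:
        build_constructed_volume(volume)
        for hit in scan_volume(volume):
            print(hit["kind"], hit["size_matches_sample"], hit["path"])
```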