Date Discovered: 12/18/2003
Date Added: 2/19/2004
Origin: Unknown
Length: Varies
Type: Trojan
SubType: Remote Access
There are multiple variants of this trojan. This description is simply meant to be a guide. This trojan uses a stealth technique to circumvent certain scanning technology. VirusScan's on-access scanner detects known variants of this trojan. The 4327 DAT files contain enhanced detection to allow VirusScan's on-demand scanner to detect known variants when scanning memory.
The trojan attempts to capture typed keystrokes and steal web site passwords.
When run, the trojan creates a hidden directory named f~a within the WINDOWS SYSTEM directory. A registry run key is created to load the trojan at startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run "f~a" = C:\WINNT\System32\f~a\ra32.exe
Read more: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101037

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic