Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Gina-F

Feb 16, 2004 11:35PM PST

Type
Trojan

Description
Troj/Gina-F is a DLL that is used to replace the functionality of MSGINA.DLL, the authentication library in Windows NT.
Troj/Gina-F relies on the following registry entry in order to hook the functionality:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
= <path to file>\ginahook.dll.

Once installed it logs passwords and other information in plain text to <Windows>\system32\syslogon.log.

http://www.sophos.com/virusinfo/analyses/trojginaf.html

Discussion is locked