Metafisher details

  • Description

    Metafisher is a dangerous trojan distributed through bogus e-mail messages containing malicious links. The messages can be in either English or Spanish. Each of them contains a link leading to a web page hosting the WMF exploit. Once the user clicks on such a link, the web browser opens a malicious site, which secretly installs Metafisher. Once installed, the trojan starts spying on the user: it logs user passwords and web sites visited, and records MSN Explorer and Outlook Express account details.

  • Exe

    installer.exe

  • Dll

    msncps.dll

  • Registry

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78364D99-A640-4DDF-B91A-67EFF8373045}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\iexplore.exe=C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\compid
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\formwas
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\httpreport
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\text_install
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\waspopup