From the doc: Shtirlitz 2.17 from General FailureShtirlitz can send victim's passwords and other stuff entered in windows with "secret field" (e.g. "Passwords: *******") to your email. Shtirlitz consists of 2 files: MSTConfig.exe --- configurator program shtirlitz.exe --- trojan (should be sent to victim after configurating).You may configurate shtirlitz.exe to your email and needed SMTP server through which mail be sent (you may use default)... Run MSTConfig.exe and press "Open EXE...", then open shtirlitz.exe and enter in the field "EMail Addr" your email address (I may use your real own mail box - nobody will see it, it'll be encoded in shtirlitz.exe), connect to internet, enter SMTP server's hostname and press "Lookup IP" - IP address of SMTP server will appear instead of hostname (you may write IP if you know and don't connect to Internet to look it up). Then press "Save data", "Quit". Now your Shtirlitz.exe is configured. You may rename it and send to victim. Please, don't try to attach Shtirlitz to any executable file - it won't work! :( version 2.17 doesn't allow to attach to exe files with for example SilkRope. You may rename shtirlitz exe to any name you like.Once infected victim's windows will allway run Shtirlitz and it'll try every 3 minutes to connect to SMTP server and send detected passwords (method of detection is the same as in GF) to your email.Good luck!GF.
destructive program [F-Prot]Justas [McAfee]Mail ShtirlitzTrj/PSW.Justas [Panda]Trj/PSW.Justas.B [Panda]Trojan.PSW.Justas.bTrojan.PSW.Justas.b [Kaspersky]Trojan.PSW.Justas.ConfigTrojan.PSW.Justas.config [Kaspersky]Win32.PSW.Justas.b [Computer Associates]Wi
mailshtirlitz.exemstconfig.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionun spool