Win32/Potao [Threat Name] go to Threat

Win32/Potao.H [Threat Variant Name]

Category trojan
Short description

Win32/Potao.H is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.


The trojan does not create any copies of itself.

The trojan is usually a part of other malware with name Win32/Potao.D .

Information stealing

The trojan collects the following information:

  • operating system version
  • computer name
  • list of computer users
  • language settings
  • list of files/folders on a specific drive
  • file(s) content
  • computer IP address
  • list of recently opened/executed files
  • a list of recently visited URLs
  • installed antivirus software
  • installed program components under  [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Uninstall] Registry subkeys
  • list of running processes
  • video controller type
  • CPU information
  • USB storage devices information
  • screenshots
  • logged keystrokes

The trojan collects information related to the following applications:

  • Safari
  • Windows Live Mail
  • Mozilla Thunderbird
  • Microsoft Outlook
  • Mozilla Firefox
  • Opera
  • Internet Explorer
  • Google Chrome

The trojan attempts to send gathered information to a remote machine.

Please enable Javascript to ensure correct displaying of this content and refresh this page.