It then retrieves information from the registry and saved passwords from Internet Explorer and Firefox. It attempts to send the stolen information to a server once per minute. The server is now offline, but the changes the malware makes to the Firefox browser file are not fixed by removal tools. Instead, a user will have to re-install the Firefox browser to write a new copy of the file.
That's not the only interesting thing found with this trojan, however. Embedded inside is a string of text you wouldn't expect to see included with malware: "SaLiLoG keylogger server made by Salar Zeynali - Salixem@Gmail.com."
Webroot tracked down Zeynali's Facebook profile, where it says he is from Karaj, Iran. He writes crimeware just for fun. The "crimeware" is a keylogger creation tool he offers as a free download on a message forum he hangs out on. He also likes heavy metal music and sports an emo haircut, by the way.