Don't Copy From This Blog...
One of our computers has been recently hit by a dreaded Trojan horse called Trojan.Tracur. That's not a huge surprise for us since most of the time we infect our computers intentionally just to find you what certain computer viruses do and how to effectively get rid of them. It's been almost a year since major security vendors discovered this Trojan horse. The distribution and risk levels were always low for this threat but Trojan.Tracur activity has rapidly increased in the past week.This Trojan horse redirects network traffic to malicious or infected websites. That's the main payload of this infection. Depending on your experience, you may think it's not a serious computer security threat but not everything is what it looks like at first glance. Trojan.Tracur can secretly download and execute malicious modules and make your computer wide open to a whole range of different computer attacks. It can also steal information which can lead to identity theft or financial loss. Once installed, Win32 Trojan.Tracur copies itself to Windows system folder as already existing DLL file, for example: reagent32.exe, imageres32.exe, etc. Then, this Trojan horse attempts to connect to a server and download additional malicious files onto the infected computer (Trojan.TracurB). If the C&C servers are online, it downloads at least three additional files with different functionality/characteristics and waits for other commands from the Command and Control server. The malware author can perform the following actions on the compromised computer:
- Download and execute malicious files
- Control the web browser redirection parameters
- Steal information
Last, but not least, it create a Windows Service which starts up automatically when you turn on your computer. It loads the malicious executable file from the Windows %System% folder. The name of the malicious Windows Service may vary, but it's usually something like Print Spooler or anything else that may sound legitimate. As with many other issues in computer security, you hopefully know your situation better than anyone else, however you have to make sure monitor system changes. Why? Because search engine redirects and browser hijackers are very common problems nowadays and unfortunately they are not being taken seriously by PC technicians and users. Why to bother? You probably installed some sort of toolbar in your web browser that causes redirects and it can be easily uninstalled using the Add/Remove Programs control panel. Nothing serious. I hear this very often. If you have been getting redirects in your Google searches and notifications from antivirus software about Trojan.Tracur.Gen activity, then your PC is definitely compromised. And this time, it's not the TDSS/ZAccess rootkit that redirects search results to Happili. It's a Trojan horse + malicious browser helper objects.
Even though, you can remove this Trojan horse from your computer manually, we recommend you to scan the infected computer with up to date anti-malware software. Manual removal can be very complicated and time consuming task. You may miss some core Trojan.Tracur files and then infection will eventually reappear next time you turn on your PC. To remove the Trojan.Tracur infection from your computer, please follow the step in the removal guide below. If you have any questions, please leave a comment.
Mike, http://spywareremovalx.blogspot.com
Trojan.Tracur removal instructions:
1. Download and execute TDSSKiller. This utility will remove malicious .dlls and executable files that may have rootkit capabilities.
2. Then download recommended anti-malware software (direct download) and run a full system scan to remove Trojan.Tracur from your computer. Don't forget to update anti-malware software before scanning.
Associated Trojan.Tracur files and registry values:
Files:
- C:\WINDOWS\System32\[NAME OF AN EXISTING DLL]32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{989A5447-1A50-4D02-BA55-724A516C1370}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{989A5447-1A50-4D02-BA55-724A516C1370}
- HKEY_CLASSES_ROOT\CLSID\{989A5447-1A50-4D02-BA55-724A516C1370}
- HKEY_CLASSES_ROOT\.fsharproj
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.fsharproj
0 comments:
Post a Comment