Free Articles, Free Web Content, Reprint Articles
Sunday, December 15, 2019
 
How to Detect and Remove the Trojan-GameThief.Win32.Taworm

1. What is the Trojan-GameThief.Win32.Taworm

Trojan-GameThief.Win32.Taworm is a Trojan horse that targets Windows operating systems. The Trojan-GameThief class name indicates malware that steals online game account credentials. Trojan-GameThief.Win32.Taworm spreads via unsolicited e-mail and malicious websites. Once it has infiltrated a system, it downloads additional malware (the .rar downloads listed under 1c below) and degrades the performance of the infected machine. Remove Trojan-GameThief.Win32.Taworm from an infected computer immediately after detection.

a. The following files were created in the system:

     c:\autorun.inf 

     %Temp%\apiqq.exe
     c:\io3yalc.exe  ([file and pathname of the sample #1])

     %Temp%\apiqq0.dll
     %Temp%\apiqq1.dll
     %Temp%\apiqq2.dll

Notes:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

c:\autorun.inf is the file Windows AutoPlay reads at the root of a drive, so its presence suggests the Trojan also tries to start when a drive is mounted; check the root of removable and mapped drives for the same file.

b. Registry Modifications

  • The following Registry Key was created:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN
  • The newly created Registry Values are:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN]
      • urlinfo = "dfrhjre.m"
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      • api32 = "%Temp%\apiqq.exe"
        so that apiqq.exe runs every time Windows starts
  • The following Registry Value was modified:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
      • CheckedValue =
        This value backs the "Show hidden files and folders" option in Folder Options; tampering with it stops that option from taking effect, which keeps the dropped files hidden from the user. The new value is not recorded here; the normal value is a DWORD of 1.
c. Other details

  • An attempt to establish a connection with a remote host was registered. The connection details are:

    Remote Host: 58.218.210.2080
    Port Number: 80

    The host value as recorded, 58.218.210.2080, is not a valid IPv4 address (no octet can exceed 255), so verify it before using it as a blocking indicator.

  • The following URLs were then requested from the remote web server:

    • http://www.baiduop0.com/1mg/am1.rar
    • http://www.baiduop0.com/1mg/am.rar
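The indicators above can be checked without Sax2. The Python module below is an added example, not code from the article or from the Sax2 product: it parses a Windows .reg export, a list of file paths and a few proxy log lines and reports the matches against the section 1 indicators. The registry export, file list and log lines are constructed here for illustration. The SHOWALL check assumes the normal CheckedValue of DWORD 1, which the article does not print, and the garbled remote-host address is deliberately not used as an indicator.

```python
"""Check the Taworm indicators from section 1 against host and network data.

Added example, not from the article or Sax2. The registry export, file
list and log lines are constructed; the indicators are the article's.
"""
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
MADOWN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN"
SHOWALL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
               r"\Explorer\Advanced\Folder\Hidden\SHOWALL")
DROPPED_FILES = {"apiqq.exe", "apiqq0.dll", "apiqq1.dll", "apiqq2.dll",
                 "io3yalc.exe", "autorun.inf"}
C2_HOST = "www.baiduop0.com"
C2_URLS = ("http://www.baiduop0.com/1mg/am1.rar",
           "http://www.baiduop0.com/1mg/am.rar")

# REG_SZ ("name"="data", backslashes doubled as regedit writes them)
# or REG_DWORD ("name"=dword:00000001); other value types are skipped.
_VALUE_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')


def parse_reg_export(text):
    """Parse a Windows .reg export into {key: {value_name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, string_data, dword_hex = m.groups()
            keys[current][name] = (string_data if dword_hex is None
                                   else int(dword_hex, 16))
    return keys


def find_registry_iocs(reg):
    """Return (key, value_name, data) triples matching section 1b."""
    hits = []
    for name, data in reg.get(RUN_KEY, {}).items():
        # Any Run value that launches apiqq.exe, whatever the value name is
        if isinstance(data, str) and data.lower().endswith("apiqq.exe"):
            hits.append((RUN_KEY, name, data))
    if MADOWN_KEY in reg:
        hits.append((MADOWN_KEY, "urlinfo", reg[MADOWN_KEY].get("urlinfo")))
    # Assumption: the normal CheckedValue is DWORD 1; anything else is reported.
    checked = reg.get(SHOWALL_KEY, {}).get("CheckedValue")
    if checked is not None and checked != 1:
        hits.append((SHOWALL_KEY, "CheckedValue", checked))
    return hits


def find_file_iocs(paths):
    """Return the paths whose file name is one of the dropped files (1a)."""
    return [p for p in paths
            if p.replace("\\", "/").rsplit("/", 1)[-1].lower() in DROPPED_FILES]


def find_network_iocs(log_lines):
    """Return log lines that reference the download host or URLs (1c)."""
    return [line for line in log_lines
            if C2_HOST in line or any(u in line for u in C2_URLS)]


# Constructed sample data, not taken from a real infection.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"api32"="C:\\DOCUME~1\\alice\\LOCALS~1\\Temp\\apiqq.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN]
"urlinfo"="dfrhjre.m"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
'''
SAMPLE_FILES = [
    r"C:\autorun.inf",
    r"C:\io3yalc.exe",
    r"C:\DOCUME~1\alice\LOCALS~1\Temp\apiqq.exe",
    r"C:\DOCUME~1\alice\LOCALS~1\Temp\apiqq1.dll",
    r"C:\WINDOWS\system32\ctfmon.exe",
]
SAMPLE_LOG = [
    "1576368001.123 10.0.0.5 TCP_MISS/200 GET http://www.example.com/index.html",
    "1576368002.456 10.0.0.5 TCP_MISS/200 GET http://www.baiduop0.com/1mg/am.rar",
    "1576368003.789 10.0.0.7 TCP_MISS/200 GET http://www.baiduop0.com/1mg/am1.rar",
]


def scan(reg_text=SAMPLE_REG, paths=SAMPLE_FILES, log_lines=SAMPLE_LOG):
    """Run all three checks and return the findings as one dict."""
    return {
        "registry": find_registry_iocs(parse_reg_export(reg_text)),
        "files": find_file_iocs(paths),
        "network": find_network_iocs(log_lines),
    }


if __name__ == "__main__":
    for kind, found in scan().items():
        print(f"{kind}: {len(found)} hit(s)")
        for item in found:
            print("   ", item)
```

On a real machine, feed it the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the two HKLM keys), a `dir /s /b` listing of %Temp% and the drive roots, and your proxy or firewall log; matching on the file name rather than the full path catches the same dropper placed under another user's %Temp%.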
2. How-to's

a. Keep the Sax2 policy knowledge base up to date. Once Sax2 detects the network communication of these trojans it breaks the connection, protecting your network and business.

b. How to Remove the Trojan-GameThief.Win32.Taworm  Manually?

Step 1 : Remove the registry entries created by Trojan-GameThief.Win32.Taworm. If programs on your PC start behaving abnormally, immediately check the following entries in the Registry and delete the Trojan-related ones. End the apiqq.exe process in Task Manager first: Windows will not let you delete the executable of a running process, and a running Trojan may re-create its startup entry. Also restore the SHOWALL\CheckedValue entry from section 1b to its normal value (DWORD 1) so that hidden files can be displayed again.

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN]
    • urlinfo = "dfrhjre.m"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • api32 = "%Temp%\apiqq.exe"

Step 2 : Delete the files listed in section 1a (%Temp%\apiqq.exe, %Temp%\apiqq0.dll, %Temp%\apiqq1.dll, %Temp%\apiqq2.dll, c:\io3yalc.exe and c:\autorun.inf) and clean up the IE Temporary Internet Files folder, where the original carrier of the threat may still be stored. Malicious files generated by Trojan-GameThief.Win32.Taworm may also be located in the following locations:
C:\Windows\System32
C:\Program Files\Common Files
C:\Documents and Settings

c. How to Remove these trojans Instantly?

Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they start. Visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm to download Malwarebytes' Anti-Malware.

3. Appendix

For more information, please visit http://www.ids-sax2.com/ComputerSecurityNewsletter.htm

Source: Free Articles from ArticlesFactory.com

ABOUT THE AUTHOR


I'm a network security expert and have found that detecting and resolving network security problems with the intrusion detection software Sax2 is a good way. It can resolve many problems, such as ARP spoofing, SQL injection attacks, worms, backdoor Trojans and so on.
