© 2009 System-Protector.com All Rights Reserved.
How to remove Trojan.Xrupter manually?
What is Trojan.Xrupter?
Trojan.Win32.Agent2.dtb is a type of malware ("malicious software") with clearly malicious, hostile, or harmful functionality or behavior that is used to compromise and endanger individual PCs as well as entire networks. Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent.
High-risk malware is typically installed without user interaction through security exploits, and can severely compromise system security. Such malware may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. It may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Characteristics of the virus
This Trojan calls premium rate numbers without the knowledge or consent of the user. It is a Windows PE EXE file. It is 25131 bytes in size. It is written in Delphi.
How does it affect your PC?
Once launched, the Trojan launches a copy of its own process and injects malicious code (detected by Kaspersky Anti-Virus as Trojan.Win32.Dialer.tvx) into this process.
This malicious code will:
1. Get accessible modem connections on the user’s computer;
2. Download a file from the URL shown below:
http://91.***.118.***/Dialer_Min/number.asp
This file is saved to the Windows directory as “number.txt”:
%WinDir%\number.txt
Parameters and phone numbers which will be used to make future calls are read from this file. The file is then deleted.
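Because number.txt is deleted right after it is read, a later look at the disk may find nothing; the download and the short-lived file are easier to spot in logs. The following is an added detection example, not part of the original write-up: it correlates the two indicators above per host. The event format, the host names, the filled-in IP octets and the five-minute window are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Indicators taken from the write-up. The IP is partly masked on the page
# (91.***.118.***), so only the two visible octets are matched.
URL_RE = re.compile(r"^http://91\.\d{1,3}\.118\.\d{1,3}/Dialer_Min/number\.asp$", re.I)
DROP_RE = re.compile(r"^[a-z]:\\windows\\number\.txt$", re.I)  # assumes %WinDir% is <drive>:\Windows
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample events in an assumed format: "timestamp host kind value"
SAMPLE_EVENTS = """\
2009-06-01T10:00:01 PC-01 http_get http://91.10.118.20/Dialer_Min/number.asp
2009-06-01T10:00:03 PC-01 file_create C:\\Windows\\number.txt
2009-06-01T10:00:04 PC-01 file_delete C:\\Windows\\number.txt
2009-06-01T10:05:00 PC-02 http_get http://91.10.119.20/Dialer_Min/number.asp
2009-06-01T10:06:00 PC-03 file_create C:\\Users\\bob\\number.txt
2009-06-01T10:07:00 PC-04 file_create C:\\WINDOWS\\number.txt
"""

def parse(text):
    for line in text.splitlines():
        parts = line.split(None, 3)  # value is last, so paths with spaces survive
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, host, kind, value = parts
        yield datetime.fromisoformat(ts), host, kind, value

def score_hosts(text):
    """Map host -> 'confirmed' (download and number.txt activity within WINDOW) or 'suspect' (one indicator)."""
    downloads, drops = {}, {}
    for ts, host, kind, value in parse(text):
        if kind == "http_get" and URL_RE.match(value):
            downloads.setdefault(host, []).append(ts)
        elif kind in ("file_create", "file_delete") and DROP_RE.match(value):
            drops.setdefault(host, []).append(ts)
    verdicts = {}
    for host in set(downloads) | set(drops):
        paired = any(abs(d - f) <= WINDOW
                     for d in downloads.get(host, []) for f in drops.get(host, []))
        verdicts[host] = "confirmed" if paired else "suspect"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(score_hosts(SAMPLE_EVENTS).items()):
        print(host, verdict)
```

A host with only one of the two indicators is reported as "suspect" rather than dropped, since proxy and endpoint logs rarely cover the same machines completely.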
How to remove Trojan.Xrupter manually?
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
1. Use Task Manager to terminate the Trojan process.
2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
3. Delete all files from %Temporary Internet Files%.
4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).