How to Prevent and Remove the Trojan-Dropper.Win32.Injector


 

1. What is Trojan-Dropper.Win32.Injector?

Trojan-Dropper.Win32.Injector is a trojan horse infection that installs compressed malware files onto the infected PC and opens backdoors to remote attackers. Trojan-Dropper.Win32.Injector usually infects computers through corrupt media codec and ActiveX updates downloaded from dubious porn and shareware websites. Once the Trojan-Dropper.Win32.Injector trojan horse is inside the system, it runs in stealth mode and launches corrupt pblew0p7.exe files together with annoying pop-ups. Trojan-Dropper.Win32.Injector is an especially harmful security risk that can cause severe harm to your hardware and system files!

 

2. Technical Details

 

a. The following files were created in the system:

 

No.  Filename                                                                 Size
1    c:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\Desktop.ini    63 bytes
2    c:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe    24,576 bytes

  • The following directory was created:
    • c:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455

b. Registry Modifications

  • The newly created Registry Values are:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      • Taskman = "C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"
        so that psysnew.exe runs every time Windows starts
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      • psysnew = "C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"
        so that psysnew.exe runs every time Windows starts
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      • Shell = "explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"
        so that psysnew.exe runs every time Windows starts
c. Other details

  • There were registered attempts to establish connections with remote hosts, most of them to TCP port 25 (SMTP).


3. How-to's

a. How to prevent Trojan-Dropper.Win32.Injector?

Please keep the Sax2 policy knowledge base up to date. Once Ax3soft Sax2 detects the communication of these trojans, it will break those connections and ensure your network and business security.

b. How to Remove Trojan-Dropper.Win32.Injector Manually?

Step 1: Remove the following Trojan-Dropper.Win32.Injector registry values (delete only the listed values, not the Winlogon and Run keys that contain them, since Windows itself depends on those keys)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Taskman = "C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
psysnew = "C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = "explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"

Step 2: Locate and delete the following Trojan-Dropper.Win32.Injector files

c:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\Desktop.ini
c:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
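To check a machine for the persistence entries and dropped files listed in the Technical Details and in the removal steps above, here is an added PowerShell example; it is not part of the original page and not Ax3soft's or Sax2's code. It only reports and changes nothing; the file scan assumes that any .exe under the XP-era RECYCLER folder is worth a closer look, and the registry value names and paths come from this write-up.

```powershell
# Added example: read-only check for Trojan-Dropper.Win32.Injector persistence
# points and dropped files as described in this write-up. Run from an elevated
# PowerShell prompt. Nothing is deleted; findings are listed for review.

$Findings = @()
$Dropper  = 'psysnew.exe'   # dropped file name reported in the write-up

# Registry values the dropper writes. Winlogon\Shell is normally exactly
# "explorer.exe"; Taskman is normally absent; the Run entry should not exist.
$Checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Taskman' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'psysnew' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'   }
)

foreach ($c in $Checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }          # value not present: nothing to flag
    $value = [string]$item.($c.Name)
    # Flag the dropper name, any RECYCLER path, or a Shell value beyond plain explorer.exe.
    $suspicious = ($value -match [regex]::Escape($Dropper)) -or
                  ($value -match '\\RECYCLER\\') -or
                  ($c.Name -eq 'Shell' -and $value.Trim() -ne 'explorer.exe')
    if ($suspicious) {
        $Findings += [pscustomobject]@{ Type = 'Registry'; Location = "$($c.Path)\$($c.Name)"; Value = $value }
    }
}

# RECYCLER (Windows XP/2003 recycle bin) holds per-user S-1-5-21-* folders and
# should contain no executables, so every .exe found there is reported.
foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
    $recycler = Join-Path $drive.Root 'RECYCLER'
    if (-not (Test-Path -LiteralPath $recycler)) { continue }
    Get-ChildItem -LiteralPath $recycler -Recurse -Force -Filter '*.exe' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $Findings += [pscustomobject]@{ Type = 'File'; Location = $_.FullName; Value = "$($_.Length) bytes" }
        }
}

if ($Findings.Count -eq 0) {
    Write-Output 'No Trojan-Dropper.Win32.Injector indicators found.'
} else {
    $Findings | Format-Table -AutoSize
}
```

Review each reported registry value before removing it; for the Shell value, deleting the HKEY_CURRENT_USER entry lets the machine-wide default (explorer.exe) apply again.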
     

c. How to Remove these trojans Instantly?

Manual removal is a difficult process and is not recommended unless you are an expert in this field. Therefore, your best defense is to download and install a reliable anti-spyware program to scan your machine for spyware. To detect computer threats in the easiest and fastest way possible, we advise trying Malwarebytes' Anti-Malware, an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes' Anti-Malware to help you.

     

4. Appendix

For more information, please visit http://www.ids-sax2.com/ComputerSecurityNewsletter.htm
