Kuluoz is a family of Trojans that are used to install other PC threats and steal personal information (such as passwords). The majority of Kuluoz variants are designed to install some form of fake security program (such as members of WinWebSec or FakeSysdef) that display fraudulent security pop-ups and system scans while simultaneously hindering the performance of your PC. Because Kuluoz is often distributed by spam e-mail that alleges to be from the UPS or a similar entity of good repute, SpywareRemove.com malware researchers particularly caution you to avoid file attachments from strange e-mails, particularly if they’re in .zip format (one of Kuluoz’s preferred formats). If you suspect that Kuluoz or its payload have infiltrated your computer, an exhaustive system scan by a reputable anti-malware product should be able to delete Kuluoz and anything that Kuluoz might have installed.
Kuluoz: a New Delivery Man for This Year’s Scamware
Variants of Kuluoz have been reported since mid-2012, with different varieties of Kuluoz being dedicated to installing different types of PC threats. Many variants, such as TrojanDownloader:Win32/Kuluoz.A and TrojanDownloader:Win32/Kuluoz.B, will automatically initiate contact with a variety of both malicious and mundane sites (such as Google and Twitter), with the latter being included to conceal their harmful traffic requests. After contacting their C&C servers, Kuluoz Trojans will receive instructions that tell them which files to download and install – including scamware like Win Disk, Win HDD, S.M.A.R.T. Check, Security Shield 2012 and Winweb Security.
Some versions of Kuluoz have also been found to utilize spyware-based attacks. SpywareRemove.com malware analysts have indicated that current versions of Kuluoz can use two distinct methods for stealing private information:
- Monitoring login input for various browsers and file-management utilities, with vulnerable programs including Firefox, BitKinex, Chrome, Total Commander, Far Manager, SmartFTP, FileZilla, Bulletproof FTP and WinSCP.
- Harvesting files of the following types: Microsoft Excel, Microsoft Word, Firefox password files, Opera password files and Thunderbird password files.
Dodging Kuluoz’s E-mailed Bullet
Kuluoz is typically propagated by fake e-mail messages with covers that include UPS delivery notices and airline ticket confirmations. While these e-mails will try to convince you to view an included file attachment to confirm the information mentioned in their main bodies, SpywareRemove.com malware researchers note that reputable companies will never ask you to open e-mail file attachments. Kuluoz can be specifically recognized by some of its file names: Postetikett_Deutsche_Post_AG_DE482456.zip, FedEx_Label_ID_Order_83-27-4534US.zip, IRSPROFILE.zip, Print_Label_FedEx_AN173738US.zip, Label_Parcel_IN34-789-54UK.rarTicket_Delta_Air_Lines_US9760.zip and Label_US.6366NT.zip.
After being extracted from its zip file, Kuluoz will use misleading file names (such as csrss.exe) to make itself look like a normal part of Windows. SpywareRemove.com malware researchers suggest using anti-malware software to detect and remove Kuluoz and its payload, since this method is the easiest way to delete Kuluoz without risking any damage to your OS.
Kuluoz Automatic Detection Tool (Recommended)
Is your PC infected with Kuluoz? To safely & quickly detect Kuluoz we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Kuluoz What happens if Kuluoz does not let you open SpyHunter or blocks the Internet?
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name 1 %LocalAppData%\pfranvvn.exe 2 %LocalAppData%\[RANDOM CHARACTERS].exe
- ‘You Are Invited To Our Wedding’ Spam Campaign Unleashes Trojan.Win32.Kuluoz Malware
- Malware Peddlers Experimenting with Highly-Successful Infection Techniques
Posted: June 20, 2012 | By SpywareRemove
Rate this article: