
Trojan-SkyHook

Posted: April 9, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 7
First Seen: April 9, 2013
Last Seen: April 15, 2023
OS(es) Affected: Windows

Trojan-SkyHook is a browser hijacker that promotes phishing sites – hostile sites that attempt to steal confidential information by posing as legitimate websites. Currently, Trojan-SkyHook's attacks appear to be targeted at residents of Russia, with Hosts file changes that explicitly single out popular .ru sites for redirects to malicious sites, but PC users in other countries may also be negatively affected by a Trojan-SkyHook infection. Trojan-SkyHook is distributed in a ZIP file that is specially encoded as a simple defense against analysis by some anti-malware products, and SpywareRemove.com malware experts recommend being wary of any ZIP archives that match Trojan-SkyHook's description as noted in this article. Deleting Trojan-SkyHook, of course, is crucial for maintaining the basic integrity of your web-browsing experience, and ordinarily should be done with updated and reliable anti-malware applications.

Trojan-SkyHook: Sinking Its Claws into Your Login Data with Browser Banditry and Deft Disguises

Trojan-SkyHook is a relatively specialized type of browser hijacker. Unlike most similar PC threats, Trojan-SkyHook doesn't make any attempts to change your homepage or search engine. Instead, Trojan-SkyHook modifies the Hosts file to force your browser to redirect to malicious copycat sites whenever your browser loads one of several prominent Russian websites. Sites targeted for Trojan-SkyHook's redirects all appear to be related to e-mail or social networking activities, and always include login fields that copycat phishing sites can imitate to steal your password and account name.

Because these redirects are triggered by baseline system modifications that are external to your web browser, SpywareRemove.com malware researchers stress that changing your browser, removing all of the Trojan-SkyHook plugins or even deleting Trojan-SkyHook will not, on its own, put an end to Trojan-SkyHook's redirects. To stop the redirects, you'll need to remove Trojan-SkyHook and its associated PC threats (Agent-FBX and Agent-FBH) while also undoing Trojan-SkyHook's Hosts file changes.

Bringing Trojan-SkyHook's Sky-High Aspirations of Thievery Down to Earth

Trojan-SkyHook infections have been on a readily discernible rise this month, with thousands of separate instances of Trojan-SkyHook attacks seen online. Trojan-SkyHook's distribution process makes use of a ZIP archive as a container for Trojan-SkyHook, which must be opened manually (unless you have other PC threats on your computer that are capable of opening Trojan-SkyHook themselves). SpywareRemove.com malware experts expressly warn that some security products may be unable to detect Trojan-SkyHook's ZIP file, which uses a UTF-8 Byte Order Mark to make its contents look like a text file. This misleading coding tweak also prevents some unzipping programs from opening Trojan-SkyHook's ZIP file, but most third-party applications, unfortunately, can still open it.
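A scanner that trusts only the leading bytes sees a UTF-8 BOM and treats the file as text. The following Python sketch, an added example that is not from the original article or any vendor's tooling, checks for a ZIP signature directly behind the BOM and lists the members without extracting them; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

UTF8_BOM = b"\xef\xbb\xbf"          # three-byte UTF-8 Byte Order Mark
ZIP_LOCAL_HEADER = b"PK\x03\x04"    # signature of the first ZIP member
ZIP_EOCD = b"PK\x05\x06"            # end-of-central-directory signature
EOCD_WINDOW = 22 + 65535            # EOCD record plus maximum comment length


def _looks_like_zip(data: bytes) -> bool:
    """True if data starts with a local header and has an EOCD near the end."""
    if not data.startswith(ZIP_LOCAL_HEADER):
        return False
    return data.rfind(ZIP_EOCD, max(0, len(data) - EOCD_WINDOW)) != -1


def classify(data: bytes) -> str:
    """Classify a file by content, not by extension or leading BOM."""
    if data.startswith(UTF8_BOM):
        if _looks_like_zip(data[len(UTF8_BOM):]):
            return "bom-prefixed-zip"   # archive dressed up as UTF-8 text
        return "bom-text"
    return "zip" if _looks_like_zip(data) else "other"


def list_members(data: bytes) -> list[str]:
    """List member names so the archive can be triaged without extraction."""
    body = data[len(UTF8_BOM):] if data.startswith(UTF8_BOM) else data
    with zipfile.ZipFile(io.BytesIO(body)) as zf:
        return zf.namelist()


def build_constructed_sample() -> bytes:
    """Constructed, harmless fixture: a one-file ZIP behind a UTF-8 BOM."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.txt", "constructed test content")
    return UTF8_BOM + buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    print(classify(sample), list_members(sample))
    print(classify(sample[len(UTF8_BOM):]))
    print(classify(UTF8_BOM + b"plain notes"))
```

A file classified as `bom-prefixed-zip` should be handed to the archive scanner rather than skipped as text.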

Deleting Trojan-SkyHook normally should use a trusted anti-malware product that also is capable of cleaning your Hosts file, although manual means of performing the latter also are available once Trojan-SkyHook is removed. Because Trojan-SkyHook's symptoms only occur for very specific websites that are of interest to Russian PC users, PC users in other regions may acquire a Trojan-SkyHook infection without seeing any of the symptoms of Trojan-SkyHook's redirect attacks.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: readme.txt
Mime Type: unknown/txt
Group: Malware file