Trojan-SkyHook
Posted: April 9, 2013
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 7 |
| First Seen: | April 9, 2013 |
| Last Seen: | April 15, 2023 |
| OS(es) Affected: | Windows |
Trojan-SkyHook is a browser hijacker that promotes phishing sites – hostile sites that attempt to steal confidential information by posing as legitimate websites. Currently, Trojan-SkyHook's attacks appear to be targeted at residents of Russia, with Hosts file changes that explicitly single out popular .ru sites for redirects to malicious sites, but PC users in other countries also may be impacted negatively by a Trojan-SkyHook infection. Trojan-SkyHook is distributed in a ZIP file that's specially-encoded for a simple defense against analysis by some anti-malware products, and SpywareRemove.com malware experts recommend being wary of any ZIP archives that match Trojan-SkyHook's description as noted in this article. Deleting Trojan-SkyHook, of course, is crucial for maintaining the basic integrity of your web-browsing experience, and ordinarily should utilize updated and reliable anti-malware applications.
Trojan-SkyHook: Sinking Its Claws into Your Login Data with Browser Banditry and Deft Disguises
Trojan-SkyHook is a relatively specialized type of browser hijacker. Unlike most similar PC threats, Trojan-SkyHook doesn't make any attempts to change your homepage or search engine. Instead, Trojan-SkyHook modifies the Hosts file to force your browser to redirect to malicious copycat sites whenever your browser loads one of several prominent Russian websites. Sites targeted for Trojan-SkyHook's redirects all appear to be related to e-mail or social networking activities, and always include login fields that copycat phishing sites can imitate to steal your password and account name.
Because these redirects are triggered by baseline system modifications that are external to your web browser, SpywareRemove.com malware researchers stress that changing your browser, removing all of the Trojan-SkyHook plugins or even deleting Trojan-SkyHook will not put an end to Trojan-SkyHook's redirects. To stop Trojan-SkyHook's redirects, you'll need to remove Trojan-SkyHook and its associated PC threats (Agent-FBX and Agent-FBH) while also undoing Trojan-SkyHook's Hosts file changes.
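The Hosts file check described above can be scripted. This is an added example, not code from SpywareRemove.com or any product it mentions: it parses Hosts-file text and reports hostnames mapped to non-loopback addresses, filtered by default to the .ru names the article says are singled out. The function names, the sample entries and the documentation-range IP addresses are all constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from an infected machine. On Windows the real
# file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE = "\n".join([
    "# Constructed sample Hosts file",
    "127.0.0.1       localhost",
    "::1             localhost",
    "203.0.113.10    mail.example.ru www.mail.example.ru",
    "# 203.0.113.11  commented.example.ru",
    "",
    "198.51.100.7\tsocial.example.ru   # trailing comment",
    "0.0.0.0         ads.example.ru",
    "192.0.2.44      intranet.example.com",
])


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every mapping line in Hosts-file text."""
    # A leading BOM would otherwise glue itself to the first field.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and trailing comments
        fields = line.split()                     # spaces and tabs both separate fields
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address: ignore malformed lines
        yield line_no, ip, [h.lower() for h in fields[1:]]


def suspicious_entries(text, suffixes=(".ru",)):
    """Return (line_no, hostname, ip) for names redirected to a non-loopback address.

    suffixes=None reports every such mapping, whatever the domain.
    """
    findings = []
    for line_no, ip, hosts in parse_hosts(text):
        # Loopback and 0.0.0.0 entries block a name; they cannot send it to a copycat site.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for host in hosts:
            if suffixes is None or host.endswith(suffixes):
                findings.append((line_no, host, str(ip)))
    return findings


if __name__ == "__main__":
    for line_no, host, ip in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {host} -> {ip}")
```

Any reported line should be compared against a known-good copy of the Hosts file before it is removed, since some administrators add legitimate static mappings.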
Bringing Trojan-SkyHook's Sky-High Aspirations of Thievery Down to Earth
Trojan-SkyHook infections have been on a readily discernible rise this month, with thousands of separate instances of Trojan-SkyHook attacks seen online. Trojan-SkyHook's distribution process makes use of a ZIP archive as a container for Trojan-SkyHook, which must be opened manually (unless you have other PC threats on your computer that are capable of opening Trojan-SkyHook themselves). SpywareRemove.com malware experts expressly warn that some security products may be unable to detect Trojan-SkyHook's ZIP file, which uses a UTF-8 Byte Order Mark to make its contents look like a text file. This misleading coding tweak also prevents some unzipping programs from opening Trojan-SkyHook's ZIP file, but most third-party applications, unfortunately, are compatible.
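The disguise described above is easy to test for on the defender's side. This is an added example, not code from SpywareRemove.com: it classifies a file by looking past a leading UTF-8 Byte Order Mark for a ZIP signature, and shows that a tolerant reader (Python's `zipfile`, which locates the archive directory from the end of the file) still opens the prefixed archive. The function names and sample files are constructed for illustration.

```python
import io
import zipfile

UTF8_BOM = b"\xef\xbb\xbf"
# Local file header, and the end-of-central-directory record of an empty archive.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")


def classify(data: bytes) -> str:
    """Classify content by its leading bytes, looking past a UTF-8 BOM."""
    if data.startswith(ZIP_MAGICS):
        return "zip"
    if data.startswith(UTF8_BOM):
        # A scanner that stops at the BOM would call this a text file.
        if data[len(UTF8_BOM):].startswith(ZIP_MAGICS):
            return "bom-prefixed-zip"
        return "text-with-bom"
    return "other"


def member_names(data: bytes) -> list:
    """List archive members; prefix bytes do not stop a reader that starts from the end."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def build_samples() -> dict:
    """Build constructed, harmless sample files entirely in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.txt", "constructed sample content")
    plain = buf.getvalue()
    return {
        "plain.zip": plain,
        "disguised.zip": UTF8_BOM + plain,        # same archive behind a BOM
        "notes.txt": UTF8_BOM + b"just text",     # ordinary BOM-marked text
    }


if __name__ == "__main__":
    for name, data in build_samples().items():
        kind = classify(data)
        print(name, kind, member_names(data) if "zip" in kind else "")
```

A mail or web gateway can treat the `bom-prefixed-zip` result as grounds to scan the content as an archive regardless of the detected text type.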
Deleting Trojan-SkyHook normally should use a trusted anti-malware product that also is capable of cleaning your Hosts file, although manual means of performing the latter also are available once Trojan-SkyHook is removed. Because Trojan-SkyHook's symptoms only occur for very specific websites that are of interest to Russian PC users, PC users in other regions may acquire a Trojan-SkyHook infection without seeing any of the symptoms of Trojan-SkyHook's redirect attacks.
Technical Details
File System Modifications
The following files were created in the system:
readme.txt
File name: readme.txt
Mime Type: unknown/txt
Group: Malware file