Trojan.Smoaler Description

First identified in the middle of 2011, Trojan.Smoaler still appears to have ongoing attack campaigns that abuse fake Fedex e-mail messages to install Trojan.Smoaler onto the targeted computers. malware analysts have found significant spyware functions in Trojan.Smoaler’s attack features, and particularly warn against the high probability of Trojan.Smoaler stealing login data for a wide range of applications and websites. Trojan.Smoaler is compatible with most versions of the Windows OS, and, like many Trojans, attempts to avoid any obvious symptoms of its attacks. Hence, it’s encouraged for you to use anti-malware applications whenever finding or removing Trojan.Smoaler is required.

The E-mails that Deliver a Package of Trojan.Smoaler to Your PC

In spite of Trojan.Smoaler’s age, Trojan.Smoaler attacks continue to be of concern for PC security analysts even as of February of 2013. The most well-identified infection method for Trojan.Smoaler uses e-mail spam that claims to be sent by Fedex, with rotating domain hosts for Trojan.Smoaler and similar changes to the fake ‘order numbers.’ A malicious ZIP file attachment includes a Trojan that contacts the relevant domain and installs Trojan.Smoaler.

Naturally, malware researchers emphasize that Fedex does not use any type of e-mail-sent file attachments for its receipt system. Any e-mail claiming to be such should be assumed to be a vehicle for Trojan.Smoaler or similar Trojans, and deleting such e-mails on sight is a prudent and easy way of keeping your PC safe from problems like Trojan.Smoaler’s attacks.

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

Similar Trojan-installing attacks include those for Kuluoz, TR/Barys.EB.34 and Troj/Invo-Zip, all of which use variants on the same ‘fake e-mail from the post office’ strategy.

Why the Old Dog of Trojan.Smoaler Still Has a Hefty Bite

Trojan.Smoaler includes basic backdoor functions that can compromise your PC in several ways. Nonetheless, malware researchers have found Trojan.Smoaler’s information-stealing functions to be its most comprehensive and potentially damaging attacks. Trojan.Smoaler targets and steals login data (including passwords) and other sensitive information from the following programs:
  • Popular web browsers like Internet Explorer, Firefox and Opera.
  • E-mail clients, including Gmail, Outlook, Windows Mail and Incredimail.
  • Instant messaging applications such as MSN Messenger, AIM, Digsby, Yahoo Instant Messenger and ICQ.
  • Online poker games like Full Tilt Poker or Absolute Poker.
  • FTP managers like CoreFTP, CuteFTP, FTPUploader and WinSCP.
  • Download managers like Getright.
  • Remote Access Service (RAS) dialers such as VDialer. malware researchers stress that the list noted above is exemplary rather than conclusive; other applications that aren’t mentioned above also may be attacked by Trojan.Smoaler.

To preserve the confidentiality of your information and prevent Trojan.Smoaler from hijacking any accounts, you should remove Trojan.Smoaler as soon as you can do so. Advanced anti-malware utilities, if they’re available, should be considered the preferable solution to a Trojan.Smoaler infection. Even after Trojan.Smoaler is deleted, you may wish to consider changing any passwords and other security information for accounts that Trojan.Smoaler may have compromised.


Trj/CI.A [Panda]W32/Gataka.B [Fortinet]Trojan-Spy.Win32.Zbot [Ikarus]Win32/Gataka.B [ESET-NOD32]Dropper/Win32.Injector [AhnLab-V3]Trojan-Spy.Win32.Zbot!IK [Emsisoft]TR/Symmi.81.4 [AntiVir]Trojan.Win32.Generic!SB.0 [VIPRE]UnclassifiedMalware [Comodo]Mal/Generic-L [Sophos]

More aliases (50)

Trojan.Smoaler Automatic Detection Tool (Recommended)

Is your PC infected with Trojan.Smoaler? To safely & quickly detect Trojan.Smoaler we highly recommend you run the malware scanner listed below.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"[NAME VARIES]" = "%UserProfile%\Application Data\csrss.exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"[NAME VARIES]" = "%UserProfile%\Application Data\csrss.exe"
Posted: October 6, 2011 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Threat Metric
Threat Level: 9/10
Detection Count: 73
Home Malware ProgramsTrojans Trojan.Smoaler

Leave a Reply

What is 15 + 3 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)