Trojan.Weelsof.C

Posted: July 20, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	8/10
Infected PCs:	1,600

First Seen:	July 20, 2012
Last Seen:	February 26, 2021
OS(es) Affected:	Windows

Trojan.Weelsof.C is a Microsoft-specific detection for a Trojan that's often associated with ransomware Trojan-based attacks, such as alerts from members of the Ukash Virus or Lockscreen families. Because closely-related PC threats to Trojan.Weelsof.C attacks have also been confirmed by SpywareRemove.com malware analysts as possessing flexible backdoor functions, a Trojan.Weelsof.C infection also may correspond with security attacks that can allow criminals to exert a dangerous level of influence over your PC. Trojan.Weelsof.C should be removed by trustworthy anti-malware software whenever Trojan.Weelsof.C is detected. If ransomware-related pop-ups or other issues prevent you from using your anti-malware product of preference, you should enact standard malware-disabling techniques, as mentioned in this article, to deactivate as many PC threats as possible before you try to scan your computer.

Where Trojan.Weelsof.C Walks, a Virtual Ransom Attempt Lingers

Although Trojan.Weelsof.C may possess other functions, most Trojan.Weelsof.C attacks are associated with ransomware Trojan infections that display fraudulent warning messages. These pop-ups may accuse you of committing a computer-based crime (such as downloading copyrighted music or illegal types of pornography) and will always block you from accessing other parts of your PC, such as your taskbar, shortcuts or any other means of launching other programs. Trojan.Weelsof.C-associated ransomware pop-ups usually request some form of money transfer end their system lockdowns, but SpywareRemove.com malware researchers discourage spending money on any type of ransomware Trojan, regardless of the nature of their threats or warnings.

Disabling Trojan.Weelsof.C and all related PC threats simplifies the disinfection process for any infected PC, and, thankfully, can be done with basic routines that are available to most PCs. For Windows users, rebooting into Safe Mode may be sufficient. If Safe Mode doesn't disable Trojan.Weelsof.C or you're using an operating system without this feature, SpywareRemove.com malware experts recommend booting your computer from a USB drive or other portable source. After you can start your OS without Trojan.Weelsof.C or related ransomware pop-ups being seen, you should be able to delete Trojan.Weelsof.C in a simple anti-malware scan.

Why Trojan.Weelsof.C May Not Be All That Should Be Worried Over

Relatives of Trojan.Weelsof.C include Trojan.Weelsof.A and Trojan.Weelsof.B. At the time of this writing, these PC threats aren't self-propagating, and SpywareRemove.com malware researchers recommend that you scan your PC for potential Trojan droppers, Trojan downloaders or other PC threats that could be used to install or distribute Trojan.Weelsof.C and its relatives to other computers. Probable infection vectors for Trojan.Weelsof.C include both compromised websites and websites that willingly host malicious content, such as drive-by-download exploits.

Some PC threats that are associated with Trojan.Weelsof.C, particularly Trojan.Weelsof.B, have been verified to use backdoor attacks. These attacks can compromise your computer's security by allowing unauthorized access without visible symptoms and should be considered high-level threats until their deletion by anti-malware software. By itself, Trojan.Weelsof.C is observable as an .exe file with a variable file size. Current samples of Trojan.Weelsof.C indicate that its file name is generated from a random string of characters (such as 'snvuxkqf.exe').

Aliases

Generic30.ARFR [AVG]W32/Weelsof.AAC!tr [Fortinet]Heuristic.BehavesLike.Win32.Suspicious-DTR.K [McAfee-GW-Edition]TR/Weelsof.aac [AntiVir]Trojan.Win32.Weelsof.aac [Kaspersky]Generic32.BRPZ [AVG]W32/Weelsof.PHF!tr [Fortinet]TR/Weelsof.C.9 [AntiVir]Trojan.Win32.Weelsof.phf [Kaspersky]Suspicious.Cloud [Symantec]Artemis!31CD61043694 [McAfee]W32/Weelsof.XY!tr [Fortinet]TR/Weelsof.C.25 [AntiVir]Gen:Variant.Symmi.6534 [F-Secure]Trojan.Win32.Weelsof.xy [Kaspersky]
More aliases (2161)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%WINDIR%\jfecbguz.exe

File name: jfecbguz.exe
Size: 121.34 KB (121344 bytes)
MD5: a648b7e3a735d06996ac7a5ff9024f50
Detection count: 68
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 4, 2013

%WINDIR%\uzfqzrcs.exe

File name: uzfqzrcs.exe
Size: 121.85 KB (121856 bytes)
MD5: e7fcf9a6a7aa1965148e352103af0899
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 4, 2013

%ALLUSERSPROFILE%\application data\dwuycpxu.exe

File name: dwuycpxu.exe
Size: 121.34 KB (121344 bytes)
MD5: 906943411613a3056e5df8e5b7d93041
Detection count: 41
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\application data
Group: Malware file
Last Updated: March 1, 2013

%WINDIR%\autvueyu.exe

File name: autvueyu.exe
Size: 102.4 KB (102400 bytes)
MD5: eb52bc9542f9a07fb0010b56fc170db9
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 1, 2013

%WINDIR%\opkjucxc.exe

File name: opkjucxc.exe
Size: 121.34 KB (121344 bytes)
MD5: 9458b473b402e90cedc0a72bbc62b5fd
Detection count: 19
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 1, 2013

%WINDIR%\fwqiuqbg.exe

File name: fwqiuqbg.exe
Size: 121.85 KB (121856 bytes)
MD5: dee9361773b6b8d87d21dc5e2ecfd6e6
Detection count: 19
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: February 25, 2013

%WINDIR%\lycxgdas.exe

File name: lycxgdas.exe
Size: 107.52 KB (107520 bytes)
MD5: 0334ff5700d419d92b351caea22c7c84
Detection count: 19
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: January 31, 2020

%WINDIR%\ixpfakid.exe

File name: ixpfakid.exe
Size: 103.42 KB (103424 bytes)
MD5: b711ba1cd1f7d9a4597285154bbd75f8
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: April 29, 2013

%ALLUSERSPROFILE%\Sun\zeoyhhimd.exe

File name: zeoyhhimd.exe
Size: 99.96 KB (99968 bytes)
MD5: fc83d75fd55f9ce49802188a2e37c1a7
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Sun
Group: Malware file
Last Updated: April 29, 2013

%WINDIR%\eoytxprc.exe

File name: eoytxprc.exe
Size: 105.98 KB (105984 bytes)
MD5: e5bb7da7795462275eb14635117c3df2
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 12, 2013

%ALLUSERSPROFILE%\Sun\ankitomnh.exe

File name: ankitomnh.exe
Size: 96.86 KB (96864 bytes)
MD5: 31cd61043694885680cc64b790270c2f
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Sun
Group: Malware file
Last Updated: May 8, 2013

%ALLUSERSPROFILE%\Sun\thvdolwtq.exe

File name: thvdolwtq.exe
Size: 98.81 KB (98816 bytes)
MD5: 3c351ea8d3159b3c599c8e997515e9ab
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Sun
Group: Malware file
Last Updated: April 29, 2013

%WINDIR%\catodhuv.exe

File name: catodhuv.exe
Size: 104.44 KB (104448 bytes)
MD5: f70809ca9664ad2ac82159ea03e475ad
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 12, 2013

%WINDIR%\lpdvdbyr.exe

File name: lpdvdbyr.exe
Size: 121.34 KB (121344 bytes)
MD5: f69783ed12b8dc7e0911e93113f84ce4
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 21, 2013

%WINDIR%\engmimmv.exe

File name: engmimmv.exe
Size: 121.34 KB (121344 bytes)
MD5: 19c33c3e0abcafcdb3c5a6a7b87d0df9
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: April 8, 2013

%WINDIR%\jnurjipg.exe

File name: jnurjipg.exe
Size: 110.59 KB (110592 bytes)
MD5: 4e13adf6b0ff75df5949f7835c3d6c84
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: February 11, 2013

%WINDIR%\txdiauwj.exe

File name: txdiauwj.exe
Size: 121.34 KB (121344 bytes)
MD5: 36ae780cfc36dce174fed87ae70baf70
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: April 16, 2013

%WINDIR%\lkzqzugo.exe

File name: lkzqzugo.exe
Size: 121.34 KB (121344 bytes)
MD5: 8fcc3b27a72d1248b2710923c8d01ace
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 4, 2013

%WINDIR%\ccasrhii.exe

File name: ccasrhii.exe
Size: 107 KB (107008 bytes)
MD5: 103a634db73acfb56c3b7a983d2f8f5a
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 12, 2013

%WINDIR%\zwhswghw.exe

File name: zwhswghw.exe
Size: 106.49 KB (106496 bytes)
MD5: f24584dc77fa341ef65bf6a508fc6eeb
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 12, 2013

%WINDIR%\cxinpnkm.exe

File name: cxinpnkm.exe
Size: 121.34 KB (121344 bytes)
MD5: 42ecb9e0fdc47b373bfd6ef751e0758b
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 21, 2013

%WINDIR%\yncfthon.exe

File name: yncfthon.exe
Size: 123.39 KB (123392 bytes)
MD5: f05bb88058fe8f32b68cb8fb39ca9642
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 29, 2013

%WINDIR%\ktijakes.exe

File name: ktijakes.exe
Size: 122.88 KB (122880 bytes)
MD5: 5c4ecb974a08f961788127aaef51b247
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: March 29, 2013

%WINDIR%\qgcbqhhf.exe

File name: qgcbqhhf.exe
Size: 95.74 KB (95744 bytes)
MD5: c586217ec0ee21272bd8a398304eb60e
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: April 17, 2013

%ALLUSERSPROFILE%\Sun\ukonvvrde.exe

File name: ukonvvrde.exe
Size: 100.91 KB (100912 bytes)
MD5: 9a76a0d0cd0e478eeadf1a83c5439d62
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Sun
Group: Malware file
Last Updated: April 29, 2013

More files