TROJ_ARTIEF.LWO is a malicious file attachment that’s distributed in e-mail spamming campaigns. After tricking its victims into launching TROJ_ARTIEF.LWO through typical social engineering cons, TROJ_ARTIEF.LWO will install the backdoor Trojan PlugX. PlugX includes multiple components with a number of features, such as keylogging, screen-capturing and the ability to alter your Registry. While the TROJ_ARTIEF.LWO attack is one of the most obvious methods by which PlugX is distributed, PlugX may also use other infection vectors. As for TROJ_ARTIEF.LWO, the simplest solution is to delete TROJ_ARTIEF.LWO’s e-mail messages without opening the accompanying attachments.
The Latest E-mail with a Trojan Just for You
TROJ_ARTIEF.LWO, while it’s presented as a harmless text document, actually is a delivery vehicle for the PlugX Trojan – although TROJ_ARTIEF.LWO may also display a normal text document to distract you from its real payload. TROJ_ARTIEF.LWO is also detected by the aliases of Exp/20103333-A and Exploit:Win32/CVE-2010-3333, which identify the specific type of Microsoft Office exploit that TROJ_ARTIEF.LWO uses to attack your PC. Because TROJ_ARTIEF.LWO is sent to fresh PCs as an e-mail file attachment, SpywareRemove.com malware experts recommend that you be cautious about any unusual e-mails that encourage you to download an unfamiliar text file.
After you open TROJ_ARTIEF.LWO, it installs the first component of the PlugX Trojan: BKDR_PLUGX.SME, which proceeds to install three additional components.
When Word Documents Become Interested in Everything That You Type
Even though TROJ_ARTIEF.LWO’s part to play stops once PlugX is installed, various components of PlugX – including BKDR_PLUGX.BUT and BKDR_PLUGX.SME – will continue to attack your PC and grant criminals access to the system. Like many multicomponent Trojans, PlugX is modular, and SpywareRemove.com malware research team has noted the following functions designated to some of its most important modules:
- The XPlugKeylogger and XPlugScreen modules include spyware features to steal information that’s typed (via keylogging) or presented visually (via screenshots).
- XPlugRegedit modifies the Registry, which can control various security features, enable programs to launch automatically or disable other programs. XPlugProcess can also accomplish similar features through control over your computer’s memory processes.
- Perhaps PlugX’s most powerful module, XplugDisk manages PlugX’s control over files and folders in general. This includes deleting files, launching them, moving them and renaming them.
Naturally, given these attack capabilities, SpywareRemove.com malware researchers suggest that you remove PlugX as quickly as you can get any access to a suitable anti-malware scanner. Related PC threats, such as the TROJ_ARTIEF.LWO, should also be detected and removed in thorough system scans when necessary.
TROJ_ARTIEF.LWO Automatic Detection Tool (Recommended)
Is your PC infected with TROJ_ARTIEF.LWO? To safely & quickly detect TROJ_ARTIEF.LWO, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect TROJ_ARTIEF.LWO What happens if TROJ_ARTIEF.LWO does not let you open SpyHunter or blocks the Internet?
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name 1 %User Temp%\dw20.exe 2 %User Temp%\~WINWORD
Posted: September 21, 2012 | By SpywareRemove
Threat Level: 9/10
Rate this article:
Detection Count: 73