TROJ_ARTIEF.LWO

TROJ_ARTIEF.LWO Description

TROJ_ARTIEF.LWO is a malicious file attachment that’s distributed in e-mail spamming campaigns. After tricking its victims into launching TROJ_ARTIEF.LWO through typical social engineering cons, TROJ_ARTIEF.LWO will install the backdoor Trojan PlugX. PlugX includes multiple components with a number of features, such as keylogging, screen-capturing and the ability to alter your Registry. While the TROJ_ARTIEF.LWO attack is one of the most obvious methods by which PlugX is distributed, PlugX may also use other infection vectors. As for TROJ_ARTIEF.LWO, the simplest solution is to delete TROJ_ARTIEF.LWO’s e-mail messages without opening the accompanying attachments.

The Latest E-mail with a Trojan Just for You

TROJ_ARTIEF.LWO, while it’s presented as a harmless text document, actually is a delivery vehicle for the PlugX Trojan – although TROJ_ARTIEF.LWO may also display a normal text document to distract you from its real payload. TROJ_ARTIEF.LWO is also detected by the aliases of Exp/20103333-A and Exploit:Win32/CVE-2010-3333, which identify the specific type of Microsoft Office exploit that TROJ_ARTIEF.LWO uses to attack your PC. Because TROJ_ARTIEF.LWO is sent to fresh PCs as an e-mail file attachment, SpywareRemove.com malware experts recommend that you be cautious about any unusual e-mails that encourage you to download an unfamiliar text file.

After you open TROJ_ARTIEF.LWO, it installs the first component of the PlugX Trojan: BKDR_PLUGX.SME, which proceeds to install three additional components.

Not all of these files are overtly-malicious, and SpywareRemove.com malware researchers encourage the usage of anti-malware software for detecting and deleting all components of a PlugX infection. Once it’s launched, PlugX also injects its code into the Windows process svchost.exe, which makes detection and removal of PlugX more difficult than it would be otherwise.

When Word Documents Become Interested in Everything That You Type

Even though TROJ_ARTIEF.LWO’s part to play stops once PlugX is installed, various components of PlugX – including BKDR_PLUGX.BUT and BKDR_PLUGX.SME – will continue to attack your PC and grant criminals access to the system. Like many multicomponent Trojans, PlugX is modular, and SpywareRemove.com malware research team has noted the following functions designated to some of its most important modules:

The XPlugKeylogger and XPlugScreen modules include spyware features to steal information that’s typed (via keylogging) or presented visually (via screenshots).
XPlugRegedit modifies the Registry, which can control various security features, enable programs to launch automatically or disable other programs. XPlugProcess can also accomplish similar features through control over your computer’s memory processes.
Perhaps PlugX’s most powerful module, XplugDisk manages PlugX’s control over files and folders in general. This includes deleting files, launching them, moving them and renaming them.

Naturally, given these attack capabilities, SpywareRemove.com malware researchers suggest that you remove PlugX as quickly as you can get any access to a suitable anti-malware scanner. Related PC threats, such as the TROJ_ARTIEF.LWO, should also be detected and removed in thorough system scans when necessary.

TROJ_ARTIEF.LWO Automatic Detection Tool (Recommended)

Is your PC infected with TROJ_ARTIEF.LWO? To safely & quickly detect TROJ_ARTIEF.LWO, we highly recommend you run the malware scanner listed below.

Download SpyHunter's* Malware Scanner to detect TROJ_ARTIEF.LWO What happens if TROJ_ARTIEF.LWO does not let you open SpyHunter or blocks the Internet?

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.