Troj/DarkDrp-A

Troj/DarkDrp-A is a Trojan dropper that's used to install spyware onto your PC via attacks involving multiple PC threats. This attack starts with a malicious Windows Help file, Troj/HlpDrp-B, which launches Troj/DarkDrp-A as a fake Security Center file, with Troj/DarkDrp-A finally installing the keylogger Troj/Agent-OVJ. The only overt symptom of this attack is the general error message that appears when the victim attempts to view the original 'Help' file, and, thereafter, both Troj/DarkDrp-A and Troj/Agent-OVJ use covert means of compromising your PC. SpywareRemove.com malware experts caution that Troj/DarkDrp-A-related attacks can result in loss of extremely personal information, such as bank passwords, including other security-related compromises of your PC that could allow criminals to have an unwarranted level of access. As a recently-emerged Trojan, Troj/DarkDrp-A has been positively identified as of late August, and having updated anti-malware software should be considered necessary to prevent Troj/DarkDrp-A-related attacks.

Troj/DarkDrp-A – Not Just Two-Faced, but Triple-Faced as a PC Threat

Troj/DarkDrp-A and its cohorts were identified in late August of this year as a single, coordinated attack that used Troj/DarkDrp-A along with an additional Trojan, Troj/HlpDrp-B, to deliver spyware to the targeted PC. The original Trojan dropper that installs Troj/DarkDrp-A – Troj/HlpDrp-B – disguises itself as a WinHelp file with concealed malicious content. Opening Troj/HlpDrp-B, which uses misleading file names that, so far, target Italian-speaking PC users, will result in a general error message followed by Troj/DarkDrp-A's installation in the background.

Troj/DarkDrp-A's own part to play in this affair is to install the ultimate payload, a keylogger that's derived from the Darkshell Trojan – a DDoS-launching Trojan that compromises your PC's security and uses its resources for illegal acts. The keylogger, detected as Troj/Agent-OVJ, records your keyboard input to a separate DAT file that Troj/Agent-OVJ later sends to a domain that SpywareRemove.com malware experts have noted for its well-documented ties to malware. This can result in compromises of account and password-related security, as well as leaks of personal information such as your e-mail addresses, phone numbers or street addresses.

Getting Out of Troj/DarkDrp-A's Unhelpful Trap Before It's Too Late

The Help file that installs Troj/DarkDrp-A doesn't display symptoms besides a generic error about its content not loading, and Troj/DarkDrp-A conceals itself behind misleading file and process names ('Windows Security Center.exe' and 'cmd.exe,' respectively). Even the keylogger installed by Troj/DarkDrp-A uses a file name to imply that Troj/DarkDrp-A is a component of your Recycle Bin. Given all the subterfuge that's involved in a Troj/DarkDrp-A attack, along with a lack of obvious symptoms, SpywareRemove.com malware analysts consider using anti-malware software to block and delete Troj/DarkDrp-A the easiest way to avoid its attempt at grabbing your private information.

Since Troj/DarkDrp-A is installed by Troj/HlpDrp-B in the form of a malicious Help file, you should make a point of avoiding HLP files from untrustworthy sources (suspicious freeware sites, unusual pop-ups or P2P downloading networks). In spite of the HLP file system being discontinued in recent versions of Windows, SpywareRemove.com malware research team notes that most Windows PCs should still be able to launch Troj/HlpDrp-B, which will result in a domino chain effect that installs Troj/DarkDrp-A and, in turn, Troj/Agent-OVJ.

Technical Details