TROJ_FEBUSER.AA
Posted: July 31, 2013
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 9/10 |
| Infected PCs | 197 |
| First Seen | July 31, 2013 |
| Last Seen | March 6, 2023 |
| OS(es) Affected | Windows |
TROJ_FEBUSER.AA is a Trojan that installs malicious plugins to Chrome and/or Firefox in an attempt to hijack the victim's social network accounts. Facebook, Google+ and Twitter all are affected by TROJ_FEBUSER.AA's attacks, which can be used to distribute malicious links and generate fraudulent profile information through invitations, posts, 'like' flags and status updates, among other functions. Because TROJ_FEBUSER.AA is distributed as a mislabeled download that tries to look like a normal software update, SpywareRemove.com malware researchers recommend avoiding software downloads from unofficial sources as your best bet against TROJ_FEBUSER.AA attacks, followed by using anti-malware tools to remove TROJ_FEBUSER.AA whenever it becomes necessary.
TROJ_FEBUSER.AA: the Facebook Abuser that Pretends to Update Your Software
TROJ_FEBUSER.AA utilizes multiple levels of deception in its attacks, including in the original installation process. Malicious sites hosting TROJ_FEBUSER.AA disguise TROJ_FEBUSER.AA as an update for popular media players, and an installed TROJ_FEBUSER.AA will attempt to download and install a secondary component – a browser plugin for either Chrome or Firefox – that is presented as a 'service pack' update. Which plugin TROJ_FEBUSER.AA chooses to install actually is based on which Web browser you use during the initial infection. Interestingly, SpywareRemove.com malware experts haven't seen any indicators of TROJ_FEBUSER.AA including attacks specific to the often-exploited Internet Explorer browser, or to any other browsers besides Firefox and Chrome.
The so-called 'service pack' installed by TROJ_FEBUSER.AA actually is a social account hijacker that takes over such major social networking profiles as those of Facebook, Google+ and Twitter. Armed with the ability to create artificial 'like' flags, generate its own messages, join groups, invite others to groups and change the profile's update status, this plugin could be a dangerously effective distribution platform for other PC threats, including TROJ_FEBUSER.AA. SpywareRemove.com malware experts also warn that the disguises for these plugins have gone through several evolutions – with one of the latest samples including references to a legitimate security company, F-Secure.
Breaking the Cycle of Social Network Abuse
Although TROJ_FEBUSER.AA's plugins may be visible as seemingly ordinary add-ons, removing them without also removing TROJ_FEBUSER.AA is unlikely to do either your PC or your social network accounts much, if any, good. SpywareRemove.com malware researchers typically suggest using qualified anti-malware software to delete TROJ_FEBUSER.AA and malicious browser plugins. Afterward, you also may want to change most major account passwords related to your PC – particularly those for Facebook, Twitter and Google+.
Besides all of the other tricks through which TROJ_FEBUSER.AA conceals its malicious activities, many of TROJ_FEBUSER.AA's components also have been confirmed to use digital signatures – a security feature that's intended to authenticate the identities of 'safe' programs. While not the first to do so, TROJ_FEBUSER.AA's continued use of digital signatures on malicious files is just another indication that you never can trust a file unless you've downloaded it from a source that you're certain is safe.
Technical Details
File System Modifications
The following files were created in the system:

facevideoupdt7.2_cn.exe
File name: facevideoupdt7.2_cn.exe
Size: 739.66 KB (739664 bytes)
MD5: 5cc58402f234c03e1ea96da8cab8ffc4
Detection count: 71
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 1, 2013

21.exe
File name: 21.exe
Size: 1.36 MB (1361375 bytes)
MD5: d96b05d0251ecc5527d17f3874df5561
Detection count: 70
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 1, 2013

fbvideoupdt7.3_cn.exe
File name: fbvideoupdt7.3_cn.exe
Size: 732.72 KB (732720 bytes)
MD5: 8ee8f916f4381a7242b4bb384f3bc6d9
Detection count: 69
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 1, 2013
Registry Modifications
Regexp file mask
%APPDATA%\temp.crx
%TEMP%\fbinstupd.exe

HKEY..\..\..\..{RegistryKeys}
SOFTWARE\Microsoft\Tracing\fbinstupd_RASAPI32
SOFTWARE\Microsoft\Tracing\fbinstupd_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Tracing\fbinstupd_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\fbinstupd_RASMANCS