Troj/Mdrop-EML

Posted: September 24, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	9/10
Infected PCs:	49

First Seen:	September 24, 2012
OS(es) Affected:	Windows

Troj/Mdrop-EML is a backdoor Trojan that compromises your PC's security to allow criminals to control it from a remote server. Along with its Trojan capabilities, SpywareRemove.com malware researchers have also found that Troj/Mdrop-EML possesses worm-based distribution functions that can allow Troj/Mdrop-EML to spread through networks and other sources. However, the predominant Troj/Mdrop-EML infection method is through fake Facebook videos that install Troj/Mdrop-EML as a fraudulent update to Flash. Because web pages that host these videos are promoted by spammed Twitter messages, you should be cautious about clicking on links that appear to be leading you to a Facebook video – even if such links are sent by friends, since Twitter accounts have been compromised to serve the purposes of spammers regularly.

Troj/Mdrop-EML: the 'Flash Player Update' That's Happy to Dismantle Your PC's Security

Troj/Mdrop-EML should be considered a possible high-level threat to your computer due to its usage of multiple distribution methods and its direct attacks against privacy and security-related features. Troj/Mdrop-EML can, like most backdoor Trojans, be employed to introduce other kinds of malware, upload stolen information such as passwords or grant criminals C&C server-based access to your computer's files and settings.

The story of Troj/Mdrop-EML's distribution is focused on compromised Twitter accounts, which have been used to send misleading links to followers that redirect them to a fake video page. This video page, while pretending to offer an update to Flash so that you can view the movie, actually installs Troj/Mdrop-EML. SpywareRemove.com malware researchers also emphasize that these Twitter messages will use deceptive tweets to make the link appear to be a personal movie about the victim and that these links are actual Facebook pages, which may cause many PC users to lower their guards and install Troj/Mdrop-EML without thinking through the risks entailed.

Just When You Think You've Got a Handle on How Troj/Mdrop-EML Gets You....

Besides its social networking-based propagation strategy, Troj/Mdrop-EML has also been seen distributing itself through removable media (USB drives, etc) and networks. This is achieved through worm-like functions that create hidden copies of Troj/Mdrop-EML in the aforementioned locations. SpywareRemove.com malware experts stress that uninfected PCs can be infected by Troj/Mdrop-EML merely by accessing these locations without any effort to willingly launch Troj/Mdrop-EML's hidden files.

Because Troj/Mdrop-EML creates multiple files, processes and Registry changes during its installation and launch, you should preferentially use anti-malware programs to delete all of the Troj/Mdrop-EML Trojan's components. Until you've removed Troj/Mdrop-EML entirely, you should avoid sharing removable drive devices, and SpywareRemove.com malware experts also recommend that you prevent other PCs from contacting your system via local network connections. Lax security can allow Troj/Mdrop-EML to compromise large networks of PCs – such as business systems – and attack them for a range of malicious purposes.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

FlashPlayerV10.1.57.108.exe

File name: FlashPlayerV10.1.57.108.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file