TROJ_RUGENT.A

TROJ_RUGENT.A Description

Games. Although TROJ_RUGENT.A’s e-mail messages do include actual DOC files, they also include disguised Trojans (detected as TROJ_DROPPER.WSD) that install TROJ_RUGENT.A once you open the file attachment. Attacks that SpywareRemove.com malware analysts have observed originating from TROJ_RUGENT.A Trojans include contacting Command & Control servers without permission and transmitting stolen information to said servers, although TROJ_RUGENT.A may also be used for other harmful functions. While TROJ_RUGENT.A’s dropper deletes itself after installing TROJ_RUGENT.A, TROJ_RUGENT.A must, like most Trojans of its ilk, be removed with assistance anti-malware software.

TROJ_RUGENT.A: the Reason Why Even the Taiwanese Should Be Careful About Trusting Sympathetic Petitions

TROJ_RUGENT.A’s distribution rates, although at low levels, are bolstered by social networking lures that are included in mass-mailed e-mails. These e-mails attempt to single out potential sympathizers for the plight of Taiwan against China and make mention of the London-hosted Olympics as a rallying opportunity. Along with their message, which is claimed to have gathered tens of thousands of supporters, these e-mails also share a file attachment that appears to be a Word document. Rather cunningly for an e-mail spam strategy, this attachment opens a real DOC and picture file as a distraction from its real payload – a fake SCR (screen saver) version of TROJ_DROPPER.WSD, which installs TROJ_RUGENT.A before deleting itself.

The combination of TROJ_RUGENT.A’s disguised installation and a lack of symptoms from TROJ_RUGENT.A’s attacks may prevent victims from recognizing that TROJ_RUGENT.A has compromised their PC during the act of opening a harmless text document. SpywareRemove.com malware researchers note that most anti-malware programs should be able to find these malicious file attachments if you bother to scan them before to opening them, although their compression technique may give low-quality scanners some trouble.

How TROJ_RUGENT.A Turns Your Hard Drive into Its Own Sovereign Territory

TROJ_RUGENT.A launches itself with standard Registry exploits that allow TROJ_RUGENT.A to run without your consent whenever Windows starts. As a PC threat that remains in the background, TROJ_RUGENT.A gathers information about your computer and sends it to various remote URLs. TROJ_RUGENT.A can also receive information from these web addresses, which may allow TROJ_RUGENT.A to update itself, install other PC threats or let criminals take over your computer.

Although SpywareRemove.com malware researchers are only able to confirm TROJ_RUGENT.A’s compatibility with Windows 2K, Server 2003 and XP, it remains likely that TROJ_RUGENT.A is also compatible with more modern versions of Windows than the above examples. TROJ_RUGENT.A can be detected by several aliases, depending on your brand of anti-malware scanner, including Trojan.Downloader.gen.h, Mal/Behav-116 and Trojan.Win32.Generic!BT.

TROJ_RUGENT.A Automatic Detection Tool (Recommended)

Technical Details

Registry Modifications

• The following newly produced Registry Values are:
  HKEY..\..\{Value}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Common Startup = %Program Files%\WindowsZip\temp\UpdateHKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows load = %User Temp%\wuauclt.exe

Home Malware ProgramsTrojans TROJ_RUGENT.A