
Troj/Asprox-Gen

Posted: March 9, 2011

Troj/Asprox-Gen spreads by email, and once installed it promptly turns to Trojan activities, including downloading other malware and systematically dismantling the PC's security. This Trojan runs with Windows as a background process; detecting and removing Troj/Asprox-Gen may require exceptional attention to detail, since Troj/Asprox-Gen may take care not to make itself obvious. The main symptoms of a Trojan to look for include altered security settings, disabled applications, and new files or memory processes that can't be identified.

Don't Trust the Troj/Asprox-Gen's Packaging

The Troj/Asprox-Gen code is relatively old by Internet standards; versions of Troj/Asprox-Gen have been identified since 2008. However, new versions continue to be created on a regular basis, making threat database updates essential for identifying or removing Troj/Asprox-Gen with an anti-malware scanner. Troj/Asprox-Gen is also known by several other names, such as Win32.SuspectCrc, Virus.Win32.Agent.GPS, Trojan:Win32/Danmec.gen!A, Backdoor:Win32/Agent.ACG and Proxy-Agent.af.gen.

In some instances the Troj/Asprox-Gen Trojan is packed or compressed, which makes it difficult to detect the threat based on file size. In some cases this can also conceal Troj/Asprox-Gen from anti-malware programs, so you shouldn't assume a file is safe after a single initial scan.

The current spread of Troj/Asprox-Gen infections suggests an origin in Russia, like many other kinds of malware. Paying closer attention to file sources from that area and keeping up tighter security can help stop Troj/Asprox-Gen from getting onto your PC.

Can You Fend Troj/Asprox-Gen Off?

Troj/Asprox-Gen is known for the following characteristics once Troj/Asprox-Gen infects a computer:

  • Creating startup entries in the Windows Registry. These entries turn Troj/Asprox-Gen into a hidden background process that runs by default. They may also be used to interfere with deleting Troj/Asprox-Gen, and can cause general system errors in some cases.
  • Downloading other infections, including potential viruses, worms, spyware, rogue security programs and even more Trojans. This is a defining aspect of Troj/Asprox-Gen's programming as a Trojan, and prolonged exposure to the infection becomes increasingly complicated and damaging to your PC.
  • Lowered PC security. Troj/Asprox-Gen will reduce your security to accomplish downloads without your consent, and may also leave your computer vulnerable to remote attack or close anti-virus applications.
  • Email-based propagation through an SMTP client. Troj/Asprox-Gen uses the infected computer's resources to contact an SMTP server and send spam email to any contacts Troj/Asprox-Gen can gather. These messages carry Troj/Asprox-Gen in a zipped format. Unusually, the archive is password protected, with the password provided in the email's body.

As you can see, having Troj/Asprox-Gen around is a risk to other users and to your own computer. Any suspected cases of infection should be dealt with by serious and reputable anti-malware programs, to remove Troj/Asprox-Gen with no negative repercussions.
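The propagation pattern described above (a zipped copy of the Trojan whose archive is password protected, with the password printed in the message body) is something a mail gateway can flag without ever opening the archive: the ZIP central directory records whether each entry is encrypted, and the body can be checked for a password hint. The following is an added example, not code from the original page or from any vendor; the sample message, the regex and the function names are constructed for illustration. The sample archive contains harmless text whose ZIP headers are patched to set the encryption flag, so nothing in the example is executable.

```python
"""Mail-gateway triage for the Asprox propagation pattern: a ZIP attachment with
encrypted entries plus a password hint in the message body.
Added example (not from the original page); all sample data is constructed."""
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# ZIP general-purpose bit flag, bit 0 = entry is encrypted (PKWARE APPNOTE)
ZIP_FLAG_ENCRYPTED = 0x0001
# Constructed heuristic: "password is ..." / "password: ..." in the body
PASSWORD_HINT = re.compile(r"\bpass(?:word|wd)?\b\s*(?:is|:)", re.IGNORECASE)
EXEC_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def triage_message(raw: bytes) -> dict:
    """Inspect one raw RFC 5322 message and return detection findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    findings = {
        "attachments": [],
        "encrypted_zip": False,
        "executables": [],
        "password_in_body": bool(PASSWORD_HINT.search(body)),
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        findings["attachments"].append(name)
        if not data.startswith(b"PK\x03\x04"):
            continue  # only ZIP containers are inspected here
        try:
            # Listing the central directory never decrypts or extracts anything
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for zi in zf.infolist():
                    if zi.flag_bits & ZIP_FLAG_ENCRYPTED:
                        findings["encrypted_zip"] = True
                    if zi.filename.lower().endswith(EXEC_SUFFIXES):
                        findings["executables"].append(zi.filename)
        except zipfile.BadZipFile:
            findings.setdefault("malformed", []).append(name)
    # The combination the page describes: encrypted archive + password in body
    findings["suspicious"] = findings["encrypted_zip"] and findings["password_in_body"]
    return findings


def build_sample_message(encrypt: bool = True, password_in_body: bool = True) -> bytes:
    """Construct a test message. The ZIP holds plain text; when encrypt is set,
    the local header (flags at offset 6) and the central directory entry (flags
    at offset 8 after PK\\x01\\x02) are patched to claim encryption."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("photo.jpg.exe", b"sample bytes, not an executable")
    data = bytearray(buf.getvalue())
    if encrypt:
        data[6] |= ZIP_FLAG_ENCRYPTED
        cd = data.find(b"PK\x01\x02")
        data[cd + 8] |= ZIP_FLAG_ENCRYPTED
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Your photos"
    if password_in_body:
        msg.set_content("Hi! The archive password is 1234. Enjoy.")
    else:
        msg.set_content("Hi! Photos attached.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="photos.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage_message(build_sample_message()))
```

The check deliberately stops at the central directory: the gateway learns that entries are encrypted and what their names are without extracting anything, which is enough to quarantine the message for a human to look at. A double extension such as `photo.jpg.exe` inside the archive is reported separately so that an unencrypted variant still stands out.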

File System Modifications

  • The following files were created in the system:
    #  File Name
    1  %System%\aspimgr.exe
    2  %Temp%\_check32.bat
    3  %Temp%\MSI1e980.LOG
    4  %Windir%\s32.txt
    5  %Windir%\ws386.ini

Registry Modifications

  • The following newly produced Registry Values are:
    Subkeys:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sft
      HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol
      HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION
      HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\international
    Registry keys:
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASPIMGR
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASPIMGR\0000
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASPIMGR\0000\Control
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CF07F3F0
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CF07F3F0\0000
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CF07F3F0\0000\Control
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aspimgr
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aspimgr\Enum
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aspimgr\Security
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPIMGR
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPIMGR\0000
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPIMGR\0000\Control
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CF07F3F0
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CF07F3F0\0000
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CF07F3F0\0000\Control
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr\Enum
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr\Security
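The file and registry artifacts listed in the two sections above can be turned into a small host triage check. The following is an added example, not code from the original page: the paths and keys are the ones the page lists, while the expansion of the report placeholders (%System%, %Temp%, %Windir%), the matching helpers, the function names and the sample data are constructed. Only the aspimgr-specific keys are used as indicators; the HKEY_USERS\.DEFAULT Internet Explorer keys the page also lists are generic and exist on clean systems. The matching logic is pure Python so it can be exercised anywhere; the live collection needs Windows.

```python
"""Host triage for the Troj/Asprox-Gen artifacts listed on this page.
Added example (not from the original page). IoC paths/keys are from the page;
placeholder expansion, matching helpers and sample data are constructed."""
import os
import sys

# File indicators exactly as written on the page (report-style placeholders).
# MSI*.LOG names are generated by Windows Installer, so that entry is a sample.
IOC_FILES = [
    r"%System%\aspimgr.exe",
    r"%Temp%\_check32.bat",
    r"%Temp%\MSI1e980.LOG",
    r"%Windir%\s32.txt",
    r"%Windir%\ws386.ini",
]

# Registry keys tied to the aspimgr service persistence (page-listed subset)
IOC_REG_KEYS = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPIMGR",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CF07F3F0",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aspimgr",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASPIMGR",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CF07F3F0",
]


def expand_ioc_path(ioc: str, env: dict) -> str:
    """Replace report placeholders such as %System% using the env mapping
    (constructed convention: keys are the placeholder names without %)."""
    out = ioc
    for name, value in env.items():
        out = out.replace(f"%{name}%", value)
    return out


def match_files(existing_paths, env: dict) -> list:
    """Return the page IoCs whose expanded path is in existing_paths.
    Comparison is case-insensitive, as NTFS paths are."""
    expanded = {expand_ioc_path(i, env).lower(): i for i in IOC_FILES}
    hits = {expanded[p.lower()] for p in existing_paths if p.lower() in expanded}
    return sorted(hits)


def match_registry(present_keys) -> list:
    """Return the page IoC keys that appear in present_keys (case-insensitive)."""
    present = {k.lower() for k in present_keys}
    return sorted(k for k in IOC_REG_KEYS if k.lower() in present)


def windows_env() -> dict:
    """Map the report placeholders onto the running Windows host."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return {
        "System": os.path.join(root, "System32"),
        "Temp": os.environ.get("TEMP", os.path.join(root, "Temp")),
        "Windir": root,
    }


def registry_key_exists(full_key: str) -> bool:
    """Windows only: try to open the key read-only through the 64-bit view."""
    import winreg  # unavailable off Windows, hence the lazy import
    hive_name, _, subkey = full_key.partition("\\")
    hive = getattr(winreg, hive_name)
    try:
        with winreg.OpenKey(hive, subkey, 0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY):
            return True
    except OSError:
        return False


def scan_live_host() -> dict:
    """Collect present files and keys on this Windows host and match them."""
    if sys.platform != "win32":
        raise RuntimeError("live scan only runs on Windows")
    env = windows_env()
    present_files = [p for p in (expand_ioc_path(i, env) for i in IOC_FILES)
                     if os.path.exists(p)]
    present_keys = [k for k in IOC_REG_KEYS if registry_key_exists(k)]
    return {"files": match_files(present_files, env),
            "registry": match_registry(present_keys)}


if __name__ == "__main__":
    print(scan_live_host())
```

A hit on the `Services\aspimgr` key is the most useful signal here, because the page reports the Trojan installing itself as a service (the LEGACY_ASPIMGR entries under Enum\Root are what Windows creates for a service device node); a stray `_check32.bat` in %Temp% alone is weak evidence and should be read together with the other artifacts.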