Kazy Trojan
Posted: October 26, 2011
Threat Metric
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 43,474 |
| First Seen: | January 19, 2011 |
| Last Seen: | May 20, 2023 |
| OS(es) Affected: | Windows |
Kazy Trojan is a backdoor Trojan that can be configured to carry out a range of attacks, but it is particularly known for attacking online banking information (which is why Kazy Trojan is dubbed a 'banker Trojan' or simply a 'banker'). Although there are many variants of Kazy Trojan that can be spread by different methods, SpywareRemove.com malware researchers have noticed recent e-mail spam attacks that install Kazy Trojan in the form of a fake password generator. This version of Kazy Trojan is also named in a misleading fashion and hides its true file type, and may directly attack anti-malware programs by deleting their files. If you suspect that you've been infected by Kazy Trojan, you should take steps to deactivate Kazy Trojan, such as rebooting in Safe Mode, and then run an appropriately powerful anti-malware application (while reinstalling any deleted files, if this is necessary). You may also need to change the passwords for your bank accounts to prevent criminals from using the information Kazy Trojan has stolen to target you with online theft.
Kazy Trojan – a Not-So-Crazy Example of Why You Shouldn't Trust Strange E-mail Messages
Kazy Trojan can be distributed by many methods, including through malicious scripts that are embedded on hostile sites, through misleading advertisements and as part of an installation package for unrelated software. However, the most recent Kazy Trojan attack begins with a simple e-mail message with this subject line: 'Pick a Safe, Strong Password!' This is followed by the message reproduced below:
Kazy Trojan is included in the form of a link to an .exe file, supposedly for this (in fact, nonexistent) password-generating program. Other disguises that Kazy Trojan uses in the process of installing itself include a fake .gif format indicator and the name 'iexplorer.exe' (a slight variant of the Internet Explorer file name 'iexplore.exe'). Major problems that SpywareRemove.com malware experts have traced back to this variant of Kazy Trojan include:
- Deletion of important files for anti-malware, anti-virus and anti-spyware programs. Kazy Trojan will delete these files to keep your PC security software non-functional, which makes it difficult to remove Kazy Trojan by appropriate methods.
- Web browser hijacks that redirect you to phishing sites. Kazy Trojan is well-known for using phishing scams that present themselves in the form of fake online bank login pages, but you should be able to detect these scams by looking for minor variations in the web address or URL. If you enter your account information into these sites, you'll receive a generic error, and the criminals behind Kazy Trojan will have access to your account. Brazil-based banks are particularly likely targets of Kazy Trojan phishing attempts.
- Other attacks that attempt to violate your computer's security, including changes to your firewall or network settings.
- Fake error messages that build up a pretense of your computer being infected with PC threats other than Kazy Trojan.
As a backdoor Trojan, Kazy Trojan can also be configured to cause other attacks that may vary in nature but are always harmful.
Restoring Sanity to Your PC by Packing Up Kazy Trojan
If you practice good Internet safety habits and delete this Kazy Trojan e-mail message without interacting with its link, your PC should be secure against any Kazy Trojan attacks. If you think you've been infected with Kazy Trojan, cleaning your PC of Kazy Trojan should be your first priority, even if visible symptoms of Kazy Trojan attacks haven't manifested. To do otherwise risks the loss of finances in your bank account, as well as control of your computer itself.
Because Kazy Trojan does interfere with anti-malware programs very actively, SpywareRemove.com malware researchers recommend that you reboot into Safe Mode with Networking (an option that's available on any Windows computer). This will boot Windows without launching unnecessary programs and will allow you to reinstall any missing files. Once this is done, all that's required to remove Kazy Trojan infections from your PC is an earnest and in-depth system scan.
Aliases of Kazy Trojan include (but aren't limited to) Trojan.Win32.Pakes.oya, Trojan.Fakealert.20587, Mal/FakeAV-IK, Generic22.YJ and Win32/Kryptik.MLF.
Technical Details
File System Modifications
The following files were created in the system:
Registry Modifications
Regexp file mask
- %APPDATA%\Microsoft\Windows\Explorer.exe
- %APPDATA%\msconfig.exe
- %APPDATA%\wininit.exe
- %SystemDrive%\RECYCLER\svchost.exe
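The disguises described earlier (the one-letter variant 'iexplorer.exe' and the fake .gif indicator) and the file masks above, which place Windows system file names under %APPDATA% and RECYCLER, can be checked for mechanically. The following Python example is an addition to this page, not code from SpywareRemove.com or SpyHunter. The expected-location table, the extension lists and the function names are assumptions made for illustration, and the double-extension test is one assumed reading of "fake .gif format indicator".

```python
from pathlib import PureWindowsPath

# Assumed baseline: legitimate Windows binaries and the directory each runs from.
SYSTEM_BINARIES = {
    "explorer.exe": r"%windir%",
    "iexplore.exe": r"%programfiles%\internet explorer",
    "msconfig.exe": r"%windir%\system32",
    "wininit.exe": r"%windir%\system32",
    "svchost.exe": r"%windir%\system32",
}
DECOY_EXTENSIONS = {".gif", ".jpg", ".png", ".pdf", ".doc", ".txt"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character name variants."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def masquerade_findings(path: str) -> list[str]:
    """Return the reasons a file path looks like a disguised executable."""
    p = PureWindowsPath(path.lower())
    name, folder = p.name, str(p.parent)
    findings = []
    if name in SYSTEM_BINARIES:
        if folder != SYSTEM_BINARIES[name]:
            findings.append(f"system name '{name}' outside {SYSTEM_BINARIES[name]}")
    else:
        for real in SYSTEM_BINARIES:
            if edit_distance(name, real) == 1:
                findings.append(f"'{name}' is one edit away from '{real}'")
    ext = p.suffixes[-2:]
    if len(ext) == 2 and ext[1] in EXECUTABLE_EXTENSIONS and ext[0] in DECOY_EXTENSIONS:
        findings.append(f"decoy extension '{ext[0]}' before '{ext[1]}'")
    return findings

# Two file masks from this page, then two constructed download paths.
SAMPLES = [r"%APPDATA%\msconfig.exe", r"%SystemDrive%\RECYCLER\svchost.exe",
           r"C:\Users\demo\Downloads\iexplorer.exe",
           r"C:\Users\demo\Downloads\password_generator.gif.exe"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", masquerade_findings(s) or "no findings")
```

The baseline is deliberately small: on 64-bit Windows, copies of some of these binaries also exist under %WINDIR%\SysWOW64, so extend the table before running it against real inventory data.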
I closed my account at National City but I'm still getting emails from my online banking account and I would like to close that as well. But I can't figure out how to do it. Think this trojan has something to do with it. Help please!