
Mal/EncPk-AFN

Posted: January 22, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 84
First Seen: January 22, 2013
Last Seen: July 24, 2020
OS(es) Affected: Windows

Mal/EncPk-AFN is a backdoor Trojan distributed to German PC users via spam e-mail messages that pretend to come from Lufthansa German Airlines. Since Lufthansa is a globally recognized company and the single largest airline in Europe, many PC users, particularly those expecting to travel shortly, may be tricked into opening the accompanying file attachment, which installs Mal/EncPk-AFN and compromises the security of their computers. Backdoor Trojans like Mal/EncPk-AFN should always be removed as quickly as possible; SpywareRemove.com malware experts strongly encourage the use of a good anti-malware program for this, since Mal/EncPk-AFN may evade less thorough removal methods that would suffice for normal applications.

Why a Flight on Mal/EncPk-AFN Isn't in the Best Interest of You or Your Computer

Like many Trojans before it, Mal/EncPk-AFN relies on a hefty dose of social engineering for delivery: the e-mail messages carrying Mal/EncPk-AFN are formatted to look like communications from Lufthansa Airlines, implying that the enclosed file attachment contains further details on a supposedly booked flight. Mal/EncPk-AFN is enclosed in a ZIP archive (detected as Mal/DrodZp-A), which may hinder the detection methods of simple security programs. SpywareRemove.com malware experts also noted that the Mal/EncPk-AFN file is named to look like a PDF (Adobe-brand image/text document) file but actually is an EXE, or executable, file. Configuring Windows to show file extensions rather than hide them will let you see Mal/EncPk-AFN's full name and its real file type.

If you choose to open this fake Lufthansa file, your PC will be infected by Mal/EncPk-AFN, which includes the basic functions of a backdoor Trojan. Mal/EncPk-AFN may allow criminals to have a dangerous level of access to your PC, install other malware, disable security-related features or be instructed to make other attacks against your computer.

Bailing on Mal/EncPk-AFN's Flight to PC Dysfunctions

The easiest way to avoid a Mal/EncPk-AFN infection is to delete its spam e-mail messages or, at a minimum, scan suspicious file attachments before you choose to open them. If both of these safeguards have failed, you should consider your PC and its corresponding information to be at risk of being compromised by criminals.

Since Mal/EncPk-AFN disguises itself as a Windows file (the often-faked svchost.exe) and may even install other PC threats, the SpywareRemove.com malware research team urges victims of Mal/EncPk-AFN attacks to use anti-malware software to delete Mal/EncPk-AFN infections whenever applicable. Mal/EncPk-AFN may attempt to conceal itself while it attacks your PC and may display no symptoms visible to the eye, other than the often-minor resource consumption that always accompanies unwanted software.

Although current Mal/EncPk-AFN attacks target German PC users, SpywareRemove.com malware experts also warn that Mal/EncPk-AFN is compatible with PCs based in other countries. Likewise, similar but distinct spam e-mail attacks also have been known to target countries throughout the world.

Aliases

Trojan.PWS.Stealer.2155 [DrWeb]
Trojan-PSW.Win32.Tepfer.gzbd [Kaspersky]
Trj/CI.A [Panda]
SHeur4.BDCH [AVG]
W32/Zbot.JNQK!tr [Fortinet]
TR/Spy.ZBot.jnqk [AntiVir]
Trojan-Spy.Win32.Zbot.jnqk [Kaspersky]
Win32:Dropper-gen [Drp] [Avast]
Artemis!311ADC8C829C [McAfee]
SHeur4.AZOO [AVG]
Trojan-Downloader.Win32.Andromeda [Ikarus]
Trojan/Win32.Graftor [AhnLab-V3]
Trojan.Winlock.7938 [DrWeb]
Trojan-Downloader.Win32.Andromeda.qic [Kaspersky]
Win32:Downloader-SKC [Trj] [Avast]

Technical Details

File System Modifications


The following files were created in the system:

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\YOUTUBE.PLAYER.exe
File name: YOUTUBE.PLAYER.exe
Size: 58.2 KB (58203 bytes)
MD5: 311adc8c829cb40feb9af61c0f32b2e3
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
Group: Malware file
Last Updated: October 21, 2014

%APPDATA%\xvep2rzrsaggjjx32clnnpjxfwls3sac2\svcnost.exe
File name: svcnost.exe
Size: 94.58 KB (94585 bytes)
MD5: eca782c54108f78b064dfcfc073dbb36
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\xvep2rzrsaggjjx32clnnpjxfwls3sac2
Group: Malware file
Last Updated: January 28, 2014

Flugscheindetails.zip
File name: Flugscheindetails.zip
Mime Type: unknown/zip
Group: Malware file

Flugsheindetails.PDF.exe
File name: Flugsheindetails.PDF.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
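As an added defender-side example (not code from this page or from the vendor), the following Python script walks a directory tree and flags the indicators described above and in the file list: a document-style double extension such as .PDF.exe, a svchost.exe look-alike name such as svcnost.exe, an executable placed in a Startup folder, and the two MD5 hashes given on this page. The sample tree it builds is constructed for the demonstration and contains no real malware.

```python
import hashlib
import os
import re
import tempfile

# MD5 hashes of the dropped files as listed on this page.
KNOWN_MD5 = {
    "311adc8c829cb40feb9af61c0f32b2e3": "YOUTUBE.PLAYER.exe",
    "eca782c54108f78b064dfcfc073dbb36": "svcnost.exe",
}
# Document-looking name that really ends in an executable extension (Flugsheindetails.PDF.exe).
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx|txt|jpg)\.(exe|scr|com|pif|bat)$", re.I)
# One-character variations on svchost.exe, such as the svcnost.exe dropped here.
SVCHOST_LOOKALIKE = re.compile(r"^svc.ost\.exe$", re.I)

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root):
    """Walk root and return (path, reason) pairs for each indicator a file matches."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_startup = os.path.basename(dirpath).lower() == "startup"
        for name in files:
            path = os.path.join(dirpath, name)
            if DOUBLE_EXT.search(name):
                findings.append((path, "double extension hides an executable"))
            if SVCHOST_LOOKALIKE.match(name) and name.lower() != "svchost.exe":
                findings.append((path, "svchost.exe look-alike"))
            if in_startup and name.lower().endswith(".exe"):
                findings.append((path, "executable in Startup folder"))
            digest = md5_of(path)
            if digest in KNOWN_MD5:
                findings.append((path, "MD5 matches " + KNOWN_MD5[digest]))
    return findings

def demo():
    """Build a constructed sample tree (harmless placeholder files) and scan it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "Startup"))
    for rel in ("Startup/YOUTUBE.PLAYER.exe", "Flugsheindetails.PDF.exe", "svcnost.exe", "notes.txt"):
        with open(os.path.join(root, rel), "wb") as f:
            f.write(b"constructed sample, not the real binary\n")
    return sorted(reason for _path, reason in scan(root))
```

Point scan() at an extracted %APPDATA% or Startup folder from a suspect machine; the MD5 check only fires on the exact files listed above, while the name-based checks catch renamed copies of the same lure.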

Additional Information

The following messages were detected:

Message 1 (German, as sent):
Falls Sie diese Reiseinformation nicht oder nur teilweise lesen konnen, offnen Sie bitte die angehangte PDF-Version. Bitte antworten Sie nicht auf diese E-Mail. Direkt-Antworten an den Absender konnen nicht bearbeitet werden. Um mit Lufthansa in Kontakt zu treten, rufen Sie bitte den Hilfe & Kontakt-Bereich auf www.lufthansa.com auf.
Flugscheindetails & Reiseinformationen in der beigefugten Datei
* Den Passenger Receipt (Rechnungsbeleg) erhalten Sie durch einen Klick auf die Flugscheinnummer bis 30 Tage nach Reisebeginn.

English translation:
If you cannot read this travel information, or can read only part of it, please open the attached PDF version. Please do not reply to this e-mail. Direct replies to the sender cannot be processed. To get in touch with Lufthansa, please visit the Help & Contact area at www.lufthansa.com.
Ticket details & travel information in the attached file
* You can obtain the Passenger Receipt (invoice document) by clicking on the ticket number up to 30 days after the start of your trip.
