TR/Injector.EB.64
Posted: April 12, 2013
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 80 |
| First Seen: | April 12, 2013 |
| Last Seen: | December 9, 2022 |
| OS(es) Affected: | Windows |
TR/Injector.EB.64 is a variant of Cridex, a group of worms that spam e-mail messages of themselves to new targets while they attempt to steal personal information related to bank accounts and other financial institutions. SpywareRemove.com malware analysts have witnessed previous Cridex attacks using several formats to encourage victims to infect their own computers (such as fake news reports on the Cyprus bank bailout), but TR/Injector.EB.64's latest attack uses the almost nostalgic scam of a Russian bride lure. TR/Injector.EB.64 currently is targeted at the residents of German-speaking nations, and if you have any cause to suspect that TR/Injector.EB.64 has gained access to your computer, anti-malware software should be deployed immediately and used to delete TR/Injector.EB.64 before TR/Injector.EB.64 can steal any sensitive information.
TR/Injector.EB.64: the Malware that Brings All the Boys to the Yard
Much like other variants of Cridex, TR/Injector.EB.64 uses spam e-mail as its favorite method of distribution. The most recent e-mails carrying TR/Injector.EB.64 appear to be translated into German using automated tools that reproduce the language imperfectly, with the content claiming to offer a prospective relationship with a Russian would-be bride. The link to a supposed photograph of the blushing bride, however, is an EXE file, rather than the JPG that it pretends to be. Launching this file will infect your PC with TR/Injector.EB.64. SpywareRemove.com malware experts are surprised to find that, unlike most such attacks, TR/Injector.EB.64's link doesn't conceal the easily-identified EXE tag.
If you have appropriate anti-malware programs on your computer, TR/Injector.EB.64 may be detected by aliases that include Win32/Cridex.AE, Worm:Win32/Cridex.B, Trojan.Necurs.2, W32/Zbot.APRF!tr, Trj/Hexas.A or Trojan.Win32.Bublik. Along with using your PC to spam itself out to new computers, TR/Injector.EB.64 also may be related to attacks like the following:
- Injecting itself into separate memory processes.
- Modifying Internet Explorer's settings.
- Downloading and launching new malware.
- Stealing private information (especially financial or online account information), which TR/Injector.EB.64 can upload to a criminal-accessed server.
Reversing the Injection that's Up to No Good
Once TR/Injector.EB.64 is installed, TR/Injector.EB.64 is a direct threat to the security and privacy of your computer, and an explicit danger to any potentially-profitable confidential information. Because TR/Injector.EB.64 includes several defenses against being seen or removed normally, SpywareRemove.com malware experts suggest using applicable anti-malware tools to scan for and then delete TR/Injector.EB.64. After you've removed TR/Injector.EB.64 from your PC, you may also need to restore any network and/or security settings that TR/Injector.EB.64 altered.
TR/Injector.EB.64 and other Cridex worms are closely associated with e-mail spam campaigns. This latest attack by TR/Injector.EB.64 only places even more emphasis than usual on how important it is to avoid clicking links or files from e-mail messages of an unusual origin – and that especially applies to well-known scams like the age-old Russian bride.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
photo.jpg_______.exe
File name: photo.jpg_______.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
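The dropped file name above pads a decoy image extension with underscores before the real .exe extension. The following sketch is an added example, not code from SpywareRemove.com or SpyHunter: it flags that naming pattern in link targets or attachment names and cross-checks the first bytes of the content. The extension lists, the function names and the sample links (under the reserved .example domain) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlparse

# Assumed lists for illustration; tune them to your mail gateway or proxy policy.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}

# <name>.<decoy><padding>.<real>: the padding pushes the real extension
# out of view in narrow file-name columns and preview panes.
DOUBLE_EXT = re.compile(
    r"\.(?P<decoy>[A-Za-z0-9]{2,5})(?P<pad>[\s_\-]*)\.(?P<real>[A-Za-z0-9]{2,4})$"
)

def filename_from_link(link: str) -> str:
    """Return the percent-decoded last path segment of a URL or bare name."""
    path = urlparse(link).path or link
    return unquote(path).replace("\\", "/").rsplit("/", 1)[-1]

def classify(name: str, head: bytes = b"") -> str:
    """Return 'masquerade', 'executable' or 'ok' for a file name and its first bytes."""
    name = name.strip()
    m = DOUBLE_EXT.search(name)
    real = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    is_pe = head[:2] == b"MZ"  # DOS/PE header magic
    if m and m["decoy"].lower() in DECOY_EXTS and m["real"].lower() in EXEC_EXTS:
        return "masquerade"    # document/image extension hiding an executable one
    if is_pe and real in DECOY_EXTS:
        return "masquerade"    # name says image/document, content says PE
    if real in EXEC_EXTS or is_pe:
        return "executable"
    return "ok"

# Constructed samples: (link or attachment name, first bytes of the content).
SAMPLES = [
    ("http://mail.example/fotos/photo.jpg_______.exe", b"MZ\x90\x00"),
    ("http://mail.example/fotos/photo.jpg", b"\xff\xd8\xff\xe0"),
    ("http://mail.example/fotos/photo.jpg", b"MZ\x90\x00"),
    ("Rechnung.pdf%20%20%20.exe", b"MZ\x90\x00"),
    ("setup.exe", b"MZ\x90\x00"),
    ("backup.tar.gz", b"\x1f\x8b\x08\x00"),
]

def scan(samples=SAMPLES):
    """Classify every sample and return (file name, verdict) pairs."""
    return [(filename_from_link(l), classify(filename_from_link(l), h)) for l, h in samples]

if __name__ == "__main__":
    for fname, verdict in scan():
        print(f"{verdict:<11} {fname!r}")
```
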