
Trojan.Healsock

Posted: June 16, 2011

Trojan.Healsock is a Trojan horse that often uses rootkit techniques to conceal itself on your PC. The presence of Trojan.Healsock on a computer is a serious security threat: it can result in disabled security programs, altered application settings, or attacks by remote criminals who use Trojan.Healsock to control your PC. To ensure complete removal and minimize the side effects of deleting Trojan.Healsock, remove it at the first opportunity using reputable security software run from Safe Mode.

Trojan.Healsock: An Old Threat, Yet Still Circulating with Persistence

Trojan.Healsock was first documented in 2008 but was still propagating across the Internet in 2011. Most Trojan infections like Trojan.Healsock spread through drive-by download scripts that exploit Flash or JavaScript vulnerabilities to install Trojan.Healsock or another threat through your web browser. Disabling scripts on websites you don't trust and keeping your browser up to date lowers the chance of Trojan.Healsock slipping in through a security hole.

Trojan.Healsock has also been observed propagating through online gambling advertisements and websites. Most web browsers let you block potentially malicious advertisements, and a good anti-malware program should be able to spot Trojan.Healsock before it does serious damage.

Depending on which version of Trojan.Healsock you've caught, Trojan.Healsock may also be detected under some of the following names: Trojan.Ascesso, Trojan-Dropper.Agent, Rootkit.Win32.Agent.eii, Virus.Rootkit.Win32.Agent.eii and Mal/Rootkit-F.

How Trojan.Healsock Keeps Doing What It Does

Different Trojan.Healsock variants use different methods to avoid detection. Some have been known to use rootkit tactics that let them hide inside running processes in memory. Rootkits can sometimes be spotted by hand, for example by comparing process listings taken from different sources or by watching for unexplained resource usage or privilege changes in certain processes, but in most cases security software with rootkit scanning does the job more reliably.

Trojan.Healsock may also run processes of its own; two process names linked to Trojan.Healsock are setupvx.exe (listed as setupxv.exe in the file list below) and GoogleUpdateBeta.exe. The latter in particular is not affiliated with Google and should be treated as a sign of Trojan.Healsock or another serious threat being on your PC.
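The two checks described above, name-based hunting for the Healsock process and file names and a cross-view comparison that surfaces processes a rootkit hides from the normal process list, can be scripted. The following is an added example written for this page, not code from the page's author or from any security vendor. It runs against a constructed process snapshot so it can be tested offline; on a live Windows host you would feed it the output of a process enumeration (for example Get-Process or tasklist) together with an Authenticode signer lookup. The Google signer names and the "lookalike" rule are assumptions made for the example.

```python
"""Hunt for Trojan.Healsock indicators in a process snapshot (added example)."""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Process and file names the page associates with Trojan.Healsock.
# Both spellings of the dropper name that appear on the page are kept.
HEALSOCK_NAMES = {
    "setupvx.exe", "setupxv.exe", "googleupdatebeta.exe", "stdrt.exe",
    "rapidshare_search_engine.exe", "5478.dll", "bardiscover.dll",
    "ivzmdl.dll", "ntfgjm.dll",
}

# Assumption for the lookalike check: a genuine Google updater carries a
# Google Authenticode signature. Anything named GoogleUpdate* without one
# is treated as suspect, which is exactly how GoogleUpdateBeta.exe stands out.
GOOGLE_SIGNERS = {"google llc", "google inc"}


@dataclass
class Proc:
    pid: int
    name: str
    path: str
    signer: Optional[str]  # Authenticode signer subject, None if unsigned


def classify(p: Proc) -> Optional[str]:
    """Return a reason string if the process is suspicious, else None."""
    name = p.name.lower()
    if name in HEALSOCK_NAMES:
        return f"name matches known Healsock artifact: {p.name}"
    if name.startswith("googleupdate") and (p.signer or "").lower() not in GOOGLE_SIGNERS:
        return f"Google-lookalike process not signed by Google: {p.path}"
    return None


def find_suspicious(procs: Iterable[Proc]) -> List[Tuple[int, str]]:
    """Run classify() over a snapshot and return (pid, reason) hits."""
    return [(p.pid, reason) for p in procs if (reason := classify(p))]


def hidden_pids(api_view: Iterable[int], raw_view: Iterable[int]) -> List[int]:
    """Cross-view rootkit check: pids present in a lower-level enumeration
    (e.g. a kernel or raw object walk) but missing from the user-mode API view."""
    return sorted(set(raw_view) - set(api_view))


# Constructed snapshot for demonstration; paths and pids are made up.
SAMPLE = [
    Proc(4, "System", r"C:\Windows\System32\ntoskrnl.exe", "Microsoft Windows"),
    Proc(1840, "GoogleUpdate.exe",
         r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe", "Google LLC"),
    Proc(2104, "GoogleUpdateBeta.exe",
         r"C:\Users\victim\AppData\Local\Temp\GoogleUpdateBeta.exe", None),
    Proc(2312, "setupvx.exe", r"C:\Users\victim\AppData\Local\Temp\setupvx.exe", None),
    Proc(2500, "explorer.exe", r"C:\Windows\explorer.exe", "Microsoft Windows"),
]

# Constructed views: the user-mode list is missing pid 2104, as it would be
# if a rootkit filtered it out of the API results.
API_VIEW = [4, 1840, 2312, 2500]
RAW_VIEW = [4, 1840, 2104, 2312, 2500]


if __name__ == "__main__":
    for pid, reason in find_suspicious(SAMPLE):
        print(f"[!] pid {pid}: {reason}")
    for pid in hidden_pids(API_VIEW, RAW_VIEW):
        print(f"[!] pid {pid} is hidden from the API view")
```

The name list is the weakest signal here: the page itself gives two spellings of the dropper, and a variant can rename its files freely. The signer mismatch and the cross-view difference are the checks that survive a rename, which is why both are kept alongside the plain name match.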

Trojans like Trojan.Healsock can be involved in a multitude of harmful activities, including but not limited to:

  • Remote attacks that take over your PC. Trojan.Healsock can play the part of a Remote Administration Tool (RAT), letting attackers use the infected machine for Denial-of-Service flooding and other crimes.
  • Stealing personal information such as online account logins, passwords, social contact lists or banking-related data. Trojan.Healsock may download and install keyloggers and other spyware without your permission, or act as spyware itself, either inherently or on instructions transmitted by remote criminals.
  • Installing other harmful software without your consent. Most Trojans like Trojan.Healsock drop a payload consisting of at least one, and possibly multiple, other threats, which can be spyware, worms, viruses, rogue security programs or other Trojans.

File System Modifications

  • The following files were created in the system:
    1. 5478.dll
    2. bardiscover.dll
    3. GoogleUpdateBeta.exe
    4. ivzmdl.dll
    5. ntfgjm.dll
    6. Rapidshare_search_engine.exe
    7. setupxv.exe
    8. stdrt.exe