
Trojan.Katusha

Posted: April 16, 2009

Threat Metric

Threat Level: 9/10
Infected PCs: 8,469
First Seen: July 24, 2009
Last Seen: August 20, 2023
OS(es) Affected: Windows

Trojan.Katusha is a generic label for a group of Trojans that may install other forms of PC threats or create serious security holes on your PC. Many variants of Trojan.Katusha are currently propagated, and their symptoms may vary, but some Trojan.Katusha detections are also false positives (instances of a safe file being inaccurately labeled as a threat). However, SpywareRemove.com malware researchers are pleased to note that all currently known forms of Trojan.Katusha false positives have been solved by patches; therefore, you should consider updating your anti-malware software if you find a Trojan.Katusha detection that you suspect to be inaccurate. Nonetheless, real Trojan.Katusha infections remain a danger to any PC, and you should be prepared to delete Trojan.Katusha with a dependable anti-malware product if you find an actual Trojan.Katusha Trojan on your computer.

The Fake Trojan.Katusha That You Can Rest Easy Over Encountering

In some cases, SpywareRemove.com malware researchers note, a Trojan.Katusha detection is not an actual Trojan but a simple misidentification error in PC security software. This form of error, or false positive, is commonly caused by updates in unrelated and safe programs, and Trojan.Katusha false positives, in particular, have been known to occur even in Windows security updates. If you're certain that a Trojan.Katusha alert is a false positive, you can simply set your anti-malware software to ignore this fake Trojan.Katusha and continue about its business; this will allow the program update to proceed, although your security software should still be able to detect real Trojan.Katusha intrusions from other sources.

All known security programs that have a history of false positives for Trojan.Katusha have also solved these problems via threat definition patches, with the last known false positive patched as of July 2011. Patching your anti-malware program should, therefore, be one of the basic steps you take after you encounter a fake Trojan.Katusha alert. This should accomplish essentially the same thing as setting your software to ignore the false positive and still allow your security software to thwart actual Trojan.Katusha attacks in the future.

The Actual Trojan.Katusha That You Shouldn't Take Lightly

Even though the most publicized Trojan.Katusha alerts have been false positives, real Trojan.Katusha infections are also a distinct possibility for your PC since variants of Trojan.Katusha are still in circulation. SpywareRemove.com malware researchers note that Trojan.Katusha can be recognized by many names due to its broad nature and due to differing categorization methods between PC security companies. Some of Trojan.Katusha's aliases are Trojan.Codecpack.Gen.6, Trojan.FakeAV!gen29, TrojanDownloader:Win32/Renos.LX, VirTool.Win32.Obfuscator.hg!b (v) and Malware-Cryptor.Win32.Palka. Genuine Trojan.Katusha Trojans are spread throughout the web by fake online scanners and fake codec updates; as always, it's recommended that you distrust system scans and software updates that aren't from reputable sources.

Trojan.Katusha attacks may vary due to a number of factors, but often include:

  • Dropper functions that install malicious software (such as spyware, rogue security programs or self-copying worms).
  • Backdoor functions that lower your computer's security so that Trojan.Katusha's hacker partners can take over your PC.

In all cases, removing Trojan.Katusha with suitable anti-malware software as quickly as possible is the best solution to re-secure your PC from the possibility of remote control, theft and other forms of damage.

Aliases

  • Trojan.FakeAV!gen29 [Symantec]
  • VirTool.Win32.Obfuscator.hg!b (v) [Sunbelt]
  • Mal/FakeAV-CX [Sophos]
  • W32/Autoit.KT [Panda]
  • a variant of Win32/Kryptik.EWP [NOD32]
  • TrojanDownloader:Win32/Renos.LX [Microsoft]
  • Downloader-CEW.b [McAfee]
  • Win32/FakeCodec.C!generic [eTrust-Vet]
  • Trojan.Siggen1.40126 [DrWeb]
  • Downloader.Generic9.CBGS [AVG]
  • W32/FakeAlert.GZ.gen!Eldorado [Authentium]
  • Win-Trojan/Agent.176128.IO [AhnLab-V3]
  • Suspicious file [Panda]
  • Virus.Packed.Win32.Katusha [Ikarus]
  • Suspicious:W32/Malware!Gemini [F-Secure]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values were newly created:

CLSID{2E59498D-7E44-4452-9044-0973B080B9E8}