
Trojan.Kerproc!rts

Posted: February 16, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 30
First Seen: December 20, 2010
Last Seen: May 5, 2022
OS(es) Affected: Windows

Trojan.Kerproc!rts is a Trojan that pokes holes in the safety and security settings of your computer, particularly by opening ports that were previously closed. These open ports can allow remote attackers to gain access to your computer, or may simply be used to download other kinds of malware that will cause further problems for your machine. If you want to remove Trojan.Kerproc!rts, then you should rely on a proven security product rather than trying to remove the infection yourself, since Trojan.Kerproc!rts may obscure itself or hide in operating system folders.

Where It All Started

Some reports indicate that Trojan.Kerproc!rts spreads mostly through infected P2P files and social networking links. Whether or not this is the case, one must download Trojan.Kerproc!rts, unintentionally or deliberately, in order to acquire this infection. There are some kinds of malware, including Trojan.Kerproc!rts itself, that can perform this process without you being aware of it.

Keep security software running and updated to the latest version at all times to keep Trojan.Kerproc!rts off your computer. In most cases, all but the very newest infections will be caught by reputable anti-virus software. Trojan.Kerproc!rts was thoroughly identified early in 2011, making updates particularly necessary for accurate containment of the threat. If you see error messages or other alerts prompting you to download a program, chances are high that this is another Trojan infection attempting to lure you into downloading malware.

How Trojan.Kerproc!rts Opens Doors for Malicious Guests

Trojan.Kerproc!rts and similar Trojans will open ports and change other security settings to allow outside parties access to your system. This can be exploited in multiple ways, all of them illegal and harmful to you in one fashion or another.

  • Trojan.Kerproc!rts can download other malware. This malware will take up system resources and cause a slowdown in your interface. Trojan.Win32.Jorik.Lolbot.bz may also damage your files, record your personal information, or create fake error messages that misdirect your perceptions of current infections on the system.
  • The Trojan.Kerproc!rts Trojan may also allow a remote attacker to access your computer. A skilled remote attacker can accomplish anything the above malware would be able to do, in addition to causing other problems. You may lose control of your computer or related peripherals such as your printer.
  • The Trojan can also send information out through the port to the remote entities. This places personal information such as your financial transaction information and passwords in the control of Trojan.Kerproc!rts's criminal creators.

The current lack of evidence of unusual self-defensive mechanics makes it highly likely that deleting Trojan.Kerproc!rts requires no unusual tools or strategies. Have your security software ready to run, and this Trojan should present no threat. Of course, if you had it running to begin with, you may never meet up with Trojan.Kerproc!rts at all.

Aliases

  • Trj/Downloader.MDW [Panda]
  • BackDoor.Agent.TJA [AVG]
  • PossibleThreat [Fortinet]
  • Win-Trojan/Agent.75264.AU [AhnLab-V3]
  • Backdoor/Win32.Agent.gen [Antiy-AVL]
  • Mal/Generic-L [Sophos]
  • TR/Agent.75264.C [AntiVir]
  • Trojan.Siggen.7884 [DrWeb]
  • Backdoor.Win32.Agent.~ZTB [Comodo]
  • Backdoor.Generic.74274 [BitDefender]
  • Backdoor.Win32.Agent.lcw [Kaspersky]
  • Trojan.Agent-31704 [ClamAV]
  • Win32:Agent-AAID [Trj] [Avast]
  • Trojan Horse [Symantec]
  • W32/Backdoor2.CHDS [F-Prot]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



C:\Users\<username>\AppData\Local\Temp\IXP000.TMP\server.exe

  • File name: server.exe
  • Size: 75.26 KB (75264 bytes)
  • MD5: c9066075af479151ff6a4b48b4a318bc
  • Detection count: 12
  • File type: Executable File
  • Mime Type: unknown/exe
  • Path: C:\Users\<username>\AppData\Local\Temp\IXP000.TMP\server.exe
  • Group: Malware file
  • Last Updated: December 7, 2021

%WINDIR%\system32\ReSSDT.sys

  • File name: ReSSDT.sys
  • Size: 2.43 KB (2432 bytes)
  • MD5: 8c652d7151aaf46ea0e32e7d520dfc5f
  • Detection count: 9
  • File type: System file
  • Mime Type: unknown/sys
  • Path: %WINDIR%\system32
  • Group: Malware file
  • Last Updated: January 19, 2019