Trojan.Refroso

Posted: February 23, 2011

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	84

First Seen:	January 8, 2010
OS(es) Affected:	Windows

Trojan.Refroso is a Trojan that runs in the background with your operating system, collecting data and downloading files without your permission. This infection has been identified as a security risk that will knock down your firewall and may allow a remote attacker to access your computer, so delete Trojan.Refroso without fail when you find Trojan.Refroso mucking up your hard drive. Trojan.Refroso has the potential to be highly destructive despite Trojan.Refroso subtle running methods, so try not to overlook the harm Trojan.Refroso can do to your machine even if Trojan.fakems doesn't seem to be doing much.

Slapping Trojan.Refroso Back Before It Gets In

Trojans like Trojan.Refroso can be distributed in many different ways, all of them to be highly deceptive. Computers with low browser security settings or outdated anti-virus software are highly vulnerable to Trojan infiltration. Downloaders of suspicious files such as content spread through P2P networks are also at risk. Even the briefest of contact with a dangerous website can result in Trojan.Refroso being downloaded to your computer if your browser settings aren't very strict.

Like the majority of Trojans, Trojan.Refroso will not make any big announcements that Trojan.Refroso is on your hard drive doing its own thing. Alterations to your registry will let Trojan.Refroso run whenever your operating system is running. If you're highly aware of the usual processes running in Task Manager, you can catch it by finding the additional Trojan.Refroso processes.

A Knife That Cuts Both Ways

Trojan.Refroso uses two different ways of attacking your computer:

The Trojan.Refroso Trojan will download other malware onto your computer without permission. Accomplishing this in the first place, of course, requires harming your security settings. After that's done, other malware may be installed for the purposes of spying on your confidential information or attacking your computer in other ways.
Trojan.Refroso has also been reported to collect information itself and send these tidbits out to remote attackers. Besides any direct harm Trojan.Refroso may cause your computer, Trojan.Refroso allows anonymous remote criminals to do what they want with your passwords, bank account and credit card numbers and other sensitive information that could be used for a whole spectrum of crimes.

So in both incoming and outgoing traffic, Trojan.Refroso is definitely a well-identified and severe threat, despite the minimal signs of its attacks. Could there possibly be a clearer sign of how vital deleting Trojan.Refroso's Trojan threat is for the safety of both your computer and anyone who uses it.

Aliases

Generic4_c.CFFP [AVG]Trojan.Win32.Midgare [Ikarus]VirTool:Win32/VBInject.UG [Microsoft]Trojan/win32.agent.gen [Antiy-AVL]Heuristic.BehavesLike.Win32.Suspicious-BAY.G [McAfee-GW-Edition]BackDoor.Bifrost.21515 [DrWeb]TrojWare.Win32.Refroso.~d6 [Comodo]Trojan.Generic.KDV.374344 [BitDefender]Trojan.Win32.Refroso.dzwg [Kaspersky]Win32.MoSucker.30.f [eSafe]Artemis!D52C80A94889 [McAfee](Suspicious) - DNAScan [CAT-QuickHeal]Generic25.TYA [AVG]W32/Refroso.DZTX!tr [Fortinet]Trojan.Win32.Spy [Ikarus]
More aliases (141)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

winxp.exe

File name: winxp.exe
Size: 107.1 KB (107101 bytes)
MD5: 7c68fa4604ac0549055ec290d69c5d10
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 28, 2010

%APPDATA%\system32\system32.exe

File name: system32.exe
Size: 109.38 KB (109386 bytes)
MD5: 7ce7deb84b1ef682deffcd065cd33b6c
Detection count: 36
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\system32
Group: Malware file
Last Updated: November 16, 2010

C:\\RECYCLER\\S-1-5-21-1510385098-0592808240-595446362-9522\schl.exe

File name: schl.exe
Size: 157.69 KB (157696 bytes)
MD5: cc49055b671da3ef11f185525b91fcc6
Detection count: 25
File type: Executable File
Mime Type: unknown/exe
Path: C:\\RECYCLER\\S-1-5-21-1510385098-0592808240-595446362-9522
Group: Malware file
Last Updated: July 14, 2017

winin2.exe

File name: winin2.exe
Size: 45.56 KB (45568 bytes)
MD5: 06f296b97dc4ccbf1ea30a4eb4b42f20
Detection count: 6
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 8, 2010

%WINDIR%\csrs.exe

File name: csrs.exe
Size: 111.67 KB (111679 bytes)
MD5: d9d3817b4943e0cf841e5b68f9db17f6
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: November 22, 2010

More files