Trojan.Tapaoux.B
Trojan.Tapaoux.B is a Trojan that opens a back door on the affected computer. When executed, Trojan.Tapaoux.B may create potentially malicious files. It may delete the 'sysconfig.ini' file if it exists in certain locations (%System%\ and %AppData%\Microsoft\Protect). It may create registry entries so that it runs automatically every time Windows starts. Trojan.Tapaoux.B inserts itself into processes such as 'wscntfy.exe', 'wuauclt.exe', 'ctfmon.exe', 'svchost.exe' and 'dwm.exe'.
Trojan.Tapaoux.B opens a back door on the targeted computer, creates a log file, and connects to one of the specified URLs. It may carry out potentially malicious actions: perform file operations (run, search, delete, copy, move, upload); gather system information (computer name, adapter information, OS) and encrypt it for storage; access, create, and end any running process; modify the Windows Registry; retrieve the network connection state; decrypt data stored in a .bin file, load malicious DLLs and call an export function named 'RunThisCode'; and further configure or update the malware threat. Trojan.Tapaoux.B may delete itself.
Technical Details
File System Modifications
The following files were created in the system:

File name: [TEMPLATES]\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe

File name: [TEMPLATES]\RcDll.dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: [TEMPLATES]\data

File name: %System%\d[RANDOM CHARACTERS].dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: %System%\b[RANDOM CHARACTERS].bin
File type: Binary File
Mime Type: unknown/bin

File name: %System%\ffffz[MM][DD][hh][mm][ss][0-3 LETTERS OR DIGITS].tmp
File type: Temporary File
Mime Type: unknown/tmp

File name: %AppData%\Microsoft\Protect\SystemKey\d[RANDOM CHARACTERS].dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: %AppData%\Microsoft\Protect\SystemKey\b[RANDOM CHARACTERS].bin
File type: Binary File
Mime Type: unknown/bin
Registry Modifications
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\"Startup" = "%UserProfile%\Application Data\Microsoft\Windows\Explorer"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS].exe" = "%AppData%\Microsoft\Protect\[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS].exe" = "%SYSTEM%\[RANDOM CHARACTERS].exe"
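The file and registry entries above can be turned into triage rules for a file listing and a registry export. The following is an added example, not part of the original write-up: it assumes %System% resolves to a System32 directory, that "[RANDOM CHARACTERS]" means letters or digits, and the strong/medium/weak labels are this example's own triage weighting; the sample data is constructed.

```python
import re

# Rules built from the file names and registry values listed above.
# Assumption: "[RANDOM CHARACTERS]" means one or more ASCII letters or digits.
R = r"[a-z0-9]+"
FILE_RULES = [  # (label, strength, regex applied to the lower-cased path)
    ("ffffz timestamp .tmp in System", "strong",
     r"\\system32\\ffffz\d{10}[a-z0-9]{0,3}\.tmp$"),
    ("RcDll.dll in Templates", "strong", r"\\templates\\rcdll\.dll$"),
    ("d*.dll / b*.bin in Protect\\SystemKey", "strong",
     rf"\\microsoft\\protect\\systemkey\\(d{R}\.dll|b{R}\.bin)$"),
    ("executable in Templates", "medium", rf"\\templates\\{R}\.exe$"),
    # Weak: many legitimate System32 DLLs start with "d" (e.g. dnsapi.dll).
    ("d*.dll / b*.bin in System", "weak",
     rf"\\system32\\(d{R}\.dll|b{R}\.bin)$"),
]
STARTUP_REDIRECT = r"%userprofile%\application data\microsoft\windows\explorer"
RUN_TARGET = re.compile(rf"(\\microsoft\\protect|\\system32|%system%)\\{R}\.exe$")

def match_files(paths):
    """Return (strength, label, path) for every rule a path matches."""
    return [(s, label, p) for p in paths for label, s, rx in FILE_RULES
            if re.search(rx, p.lower())]

def match_registry(values):
    """values: (key, value_name, data) tuples, e.g. parsed from a .reg export."""
    hits = []
    for key, name, data in values:
        k, n, d = key.lower(), name.lower(), data.lower()
        if k.endswith(r"\user shell folders") and n == "startup" and d == STARTUP_REDIRECT:
            hits.append(("strong", "Startup folder redirected", data))
        elif k.endswith(r"\currentversion\run") and n.endswith(".exe") and RUN_TARGET.search(d):
            hits.append(("medium", "Run value named *.exe", data))
    return hits

# Constructed sample data, not taken from a real host.
SAMPLE_FILES = [
    r"C:\Windows\System32\ffffz0314092755a1.tmp",
    r"C:\Windows\System32\dnsapi.dll",
    r"C:\Users\u\AppData\Roaming\Microsoft\Protect\SystemKey\dq7x.dll",
]
SAMPLE_REG = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",
     "Startup", r"%UserProfile%\Application Data\Microsoft\Windows\Explorer"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "OneDrive", r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
]
if __name__ == "__main__":
    print(match_files(SAMPLE_FILES), match_registry(SAMPLE_REG))
```

The legitimate dnsapi.dll in the sample matches only the weak rule, which is why the d*.dll and b*.bin names in %System% should be read alongside a strong hit rather than alone.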