
Trojan.Tracur.C

Posted: September 23, 2011

Threat Metric

Threat Level: 9/10
Infected PCs: 99
First Seen: September 23, 2011
OS(es) Affected: Windows

Trojan.Tracur.C is a backdoor Trojan and a dropper Trojan that installs browser hijackers, allows remote criminals to take over your PC and alters your firewall to make it ineffectual. Because its backdoor functions allow Trojan.Tracur.C to be reconfigured to carry out a wide range of different attacks, the symptoms may differ noticeably from one infection to another. However, all Trojan.Tracur.C infections that have been noted so far utilize browser hijacker and firewall-based attacks that expose your browser to multiple sources of infection and leave your computer unable to defend itself against remote attacks. SpywareRemove.com malware researchers recommend that, if you see signs of Trojan.Tracur.C attacks, you don't waste any time in using a competent PC security program to delete Trojan.Tracur.C in a system scan.

Trojan.Tracur.C and Trojan.JS.Redirector.KY: Comrades in Arms (to Your Detriment)

Trojan.Tracur.C installs itself in the form of a BHO (Browser Helper Object) and sets itself to run whenever you launch a process that Trojan.Tracur.C has infected. Since these are normal system processes (such as explorer.exe and iexplore.exe) that are present on most Windows systems, this startup routine lets Trojan.Tracur.C launch itself in secret and remain active nearly every second that you use Windows.

Trojan.Tracur.C is often installed by fake Flash updates and similar fraudulent media software updates that contain a concealed Trojan installer. Once Trojan.Tracur.C is on your system and running, it also installs Trojan.JS.Redirector.KY, a browser hijacker. This browser hijacker redirects any attempts to use safe search engines towards harmful websites, although this may be easy to overlook, since Trojan.JS.Redirector.KY hides its attack by injecting JavaScript code into search result links.

The Graver Danger of Trojan.Tracur.C: Criminal Hands on the Wheel

Trojan.Tracur.C can also be used to carry out attacks that enable criminals to control your PC from remote servers. Examples of prominent non-browser hijacker attacks that SpywareRemove.com malware researchers have tied to Trojan.Tracur.C include:

  • Altered firewall settings. Trojan.Tracur.C may create exceptions that allow Trojan.Tracur.C and other types of harmful software to ignore your firewall.
  • Open network ports. Trojan.Tracur.C may also open your network ports, which places your PC in greater danger of being attacked through a network and allows Trojan.Tracur.C to transmit potentially sensitive information.
  • Excessive usage of system resources. Since Trojan.Tracur.C injects Trojan.JS.Redirector.KY's JavaScript code into a normal process and launches itself automatically, your available system resources, such as RAM, may be noticeably reduced from normal levels. This can cause lag, stuttering and other system performance issues.
  • The presence of additional types of harmful programs besides Trojan.Tracur.C's default Trojan.JS.Redirector.KY browser hijacker. Until you delete Trojan.Tracur.C with the appropriate security programs, Trojan.Tracur.C may install and assist spyware that steals private information, fake security products, worms and other types of malicious software.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: KBDES32.exe
Size: 340.99 KB (340992 bytes)
MD5: 1bbd75baf4bdfd56fa9419b722b9cab7
Detection count: 93
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 4, 2011

Registry Modifications

The following Registry values were newly created:

HKEY..\..\..\..{Subkeys}
HKCU\Software\Classes\Software\Zghypcxhle
HKCR\Zghypcxhle
HKCR\.fsharproj
HKCU\Software\Zghypcxhle
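A sweep for the file and registry indicators listed in this Technical Details section, as an added example that is not part of the original write-up. The function names are hypothetical, and the registry input is assumed to be the decoded text of a `reg export` file; because HKCR is a merged view, HKCR entries are also matched under `HKCU\Software\Classes` and `HKLM\Software\Classes`.

```python
import hashlib
from pathlib import Path

# Indicators copied from this page's Technical Details section.
FILE_NAME, FILE_SIZE = "KBDES32.exe", 340992
FILE_MD5 = "1bbd75baf4bdfd56fa9419b722b9cab7"
REG_KEYS = [r"HKCU\Software\Classes\Software\Zghypcxhle", r"HKCR\Zghypcxhle",
            r"HKCR\.fsharproj", r"HKCU\Software\Zghypcxhle"]
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_CLASSES_ROOT": "HKCR", "HKEY_LOCAL_MACHINE": "HKLM"}

def norm_key(key):
    """Fold a registry path to short-hive, lower-case form for comparison."""
    hive, _, rest = key.strip().strip("[]").partition("\\")
    return (HIVES.get(hive.upper(), hive.upper()) + "\\" + rest).lower()

def aliases(key):
    """HKCR is a merged view, so an HKCR key may be exported under HKCU or HKLM."""
    n = norm_key(key)
    if n.startswith("hkcr\\"):
        sub = n[5:]
        return {n, "hkcu\\software\\classes\\" + sub, "hklm\\software\\classes\\" + sub}
    return {n}

def scan_reg_export(text, keys=REG_KEYS):
    """Return the listed keys that occur as key headers (or parents) in the export."""
    found = []
    for line in map(str.strip, text.splitlines()):
        if not (line.startswith("[") and line.endswith("]")):
            continue  # value line, blank line or file header
        seen = norm_key(line)
        for key in keys:
            # Exact key or any subkey; a trailing backslash avoids prefix look-alikes.
            hit = any(seen == a or seen.startswith(a + "\\") for a in aliases(key))
            if hit and key not in found:
                found.append(key)
    return found

def scan_files(root, name=FILE_NAME, size=FILE_SIZE, md5=FILE_MD5):
    """Return (path, reason) pairs; only files of the listed size are hashed."""
    hits = []
    for p in sorted(q for q in Path(root).rglob("*") if q.is_file()):
        try:
            if p.stat().st_size == size and hashlib.md5(p.read_bytes()).hexdigest() == md5:
                hits.append((p, "md5"))
            elif p.name.lower() == name.lower():
                hits.append((p, "name-only"))  # weaker signal: confirm by other means
        except OSError:
            continue  # locked or unreadable file
    return hits
```

`reg export` writes UTF-16 text, so decode the file before passing it to `scan_reg_export`. A name-only file hit or a lone registry hit is a lead for further checking, not a confirmed infection.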
