
Trojan:Win32/Alureon.EP

Posted: October 1, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 16
First Seen: October 1, 2012
OS(es) Affected: Windows

Trojan:Win32/Alureon.EP is a Trojan dropper that installs and launches a secondary component of a multicomponent Alureon infection. Alureon attacks use code injection techniques to hide themselves while they steal confidential information by monitoring your Internet traffic. Because a Trojan:Win32/Alureon.EP attack has no meaningful symptoms (besides very minor changes to the resource usage of preexisting system processes, like svchost.exe), the SpywareRemove.com malware research team recommends using anti-malware products to detect Trojan:Win32/Alureon.EP and the other Alureon-based Trojans that are certain to be found with it. Inadequate anti-malware defenses against Trojan:Win32/Alureon.EP, or failure to delete Trojan:Win32/Alureon.EP and its kin quickly enough, can result in the loss of highly sensitive information, including banking data and website account passwords.

Trojan:Win32/Alureon.EP – the Smooth Operator for a Spy in Your Machine

Trojan:Win32/Alureon.EP is one of many PC threats that can be included in any particular Alureon attack. Various components are responsible for installing other Alureon Trojans, changing your system settings or monitoring your web-browsing history, for example. If Trojan:Win32/Alureon.EP were seen only by itself, it could be considered a minor danger, but since its entire purpose is to install and load other Alureon-related Trojans, it should be treated as one part of a very large security hazard for your PC.

After Trojan:Win32/Alureon.EP's installation, Trojan:Win32/Alureon.EP proceeds to attack your computer according to the following strategy, as noted by SpywareRemove.com malware analysts:

  • Trojan:Win32/Alureon.EP places a second file (also detected as Trojan:Win32/Alureon.EP) in your system folder.
  • Registry entries are created to allow the second copy of Trojan:Win32/Alureon.EP to run automatically, while the first copy of Trojan:Win32/Alureon.EP is deleted to avoid detection.
  • The second Trojan:Win32/Alureon.EP uses code-injection techniques to launch a malicious driver file from within the spoolsv.exe process and loads this driver (identified as Trojan:WinNT/Alureon.S). This driver performs additional code-injection attacks of its own that are used to launch other Alureon components, and it protects these components by redirecting access requests to the original (i.e., uninfected) files.

As a consequence, detection of Trojan:Win32/Alureon.EP and other Alureon Trojans can be difficult for all but highly advanced anti-malware software.

What It Boils Down to When Trojan:Win32/Alureon.EP Has Its Way with Your System Files

Trojan:Win32/Alureon.EP attacks can, ultimately, result in very significant compromises to your PC's ability to keep information transactions private – including both uploads and downloads. Attacks may inject malicious content (phishing attacks) into bank web pages, monitor text form-based input passively or use other means of stealing personal information while displaying a minimum of symptoms. SpywareRemove.com malware researchers encourage you to use proactive anti-malware protection against Trojan:Win32/Alureon.EP and other Alureon Trojans, but competent anti-malware programs also should be able to delete Trojan:Win32/Alureon.EP, Trojan:WinNT/Alureon.S and other Alureon-based PC threats whenever it's necessary.

After removing Trojan:Win32/Alureon.EP and other Alureon-related Trojans, you may want to contact your bank and other relevant entities to change passwords, security questions and similar account-based information. Even after Trojan:Win32/Alureon.EP and its payload are gone, criminals may still have access to information that was compromised while Trojan:Win32/Alureon.EP was still on your PC.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 139.26 KB (139264 bytes)
MD5: e440e4febd8d4478a0f6bf58bbc8b206
Detection count: 72
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 3, 2012

File name: dfrgtrg.exe
Size: 315.39 KB (315392 bytes)
MD5: e6bbb702196fb16c9eddbe8cac7dd7bb
Detection count: 70
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 3, 2012

File name: file.exe
Size: 217.08 KB (217088 bytes)
MD5: e8153c592ed3a229f6534d86977faca3
Detection count: 69
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 3, 2012
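
An added triage example (not from SpywareRemove.com or any anti-malware product): it sweeps a directory tree for files whose size and MD5 both match the three entries listed above. Because the driver described earlier redirects access requests to the original files, point it at an offline-mounted copy of the disk rather than the running system; the function names and command-line usage are assumptions of this example.

```python
import hashlib
import os
import stat

# Size (bytes) keyed by MD5, copied from the file list above.
ALUREON_EP_IOCS = {
    "e440e4febd8d4478a0f6bf58bbc8b206": 139264,
    "e6bbb702196fb16c9eddbe8cac7dd7bb": 315392,
    "e8153c592ed3a229f6534d86977faca3": 217088,
}


def md5_of(path, chunk=1 << 16):
    """Stream the file so large binaries are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, iocs=ALUREON_EP_IOCS):
    """Return (matches, unreadable) for regular files under root.

    A file is hashed only when its size equals a listed size, which keeps a
    full-volume sweep cheap. Files that cannot be read are reported instead
    of being skipped silently, since they need a second look.
    """
    sizes = set(iocs.values())
    matches, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                info = os.lstat(path)  # lstat: do not follow symlinks
                if not stat.S_ISREG(info.st_mode) or info.st_size not in sizes:
                    continue
                digest = md5_of(path)
            except OSError:
                unreadable.append(path)
                continue
            if iocs.get(digest) == info.st_size:
                matches.append((path, digest))
    return matches, unreadable


if __name__ == "__main__":
    import sys
    hits, errors = scan(sys.argv[1])  # e.g. mount point of an offline image
    for path, digest in hits:
        print(f"MATCH {digest} {path}")
    for path in errors:
        print(f"UNREADABLE {path}")
```

A file name match alone (file.exe, dfrgtrg.exe) is not evidence either way; only the size and hash pair is compared, and a clean result does not rule out variants with different hashes.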