Troj/BckR2D2-A
Troj/BckR2D2-A is a backdoor Trojan with several features that are geared towards spyware-based activities, including capturing screenshots and keylogging. Recent reports from the CCC (or Chaos Computer Club, a German hackers' organization) have claimed that Troj/BckR2D2-A is actually designed and propagated by German law enforcement as part of an unlawful expansion of wiretapping actions. However, there has been no confirmation or even denial of this accusation from official sources, and for the moment, SpywareRemove.com malware experts strongly recommend that if you have the misfortune to find Troj/BckR2D2-A on your hard drive, you remove Troj/BckR2D2-A from your PC with a powerful anti-malware program. Like other forms of spyware, Troj/BckR2D2-A will not show obvious signs of being active but is, nonetheless, capable of allowing remote entities to access private information or even control your PC, until you've deleted Troj/BckR2D2-A with a good anti-spyware program.
Troj/BckR2D2-A: the Whimsical Trojan with an Unusual Origin Story
The Troj/BckR2D2-A Trojan acquired its moniker from a snippet of data transmission code that contains the phrase 'C3PO-r2d2-POE,' a cheerful movie reference that's rather out of place given Troj/BckR2D2-A's overall malicious and potentially highly damaging functionality. More colloquial names for Troj/BckR2D2-A include 0zapftis (a play on words that references German beer festival traditions), BundesTrojaner (the 'State Trojan' that's officially used by the German police) and simply R2D2.
Whether Troj/BckR2D2-A actually is the official BundesTrojaner, however, remains in doubt. Although CCC claims that Troj/BckR2D2-A is the genuine article, other malware analysts have also noted that Troj/BckR2D2-A could just as easily be an unrelated Trojan that was altered to frame the German police. Regardless of Troj/BckR2D2-A's origins, however, SpywareRemove.com malware experts have found that Troj/BckR2D2-A's capabilities are flexible and harmful, even beyond the extent allowed by German law, and recommend that any Troj/BckR2D2-A infection be removed with an anti-malware program in the same way that you'd remove any other form of Trojan or spyware.
The Dangers of Troj/BckR2D2-A's Virtual Wiretap
Although Troj/BckR2D2-A's true status as a state-ordained Trojan remains a mystery, Troj/BckR2D2-A's legal status doesn't change Troj/BckR2D2-A's actual functions, which are more than capable of being put to ill use. SpywareRemove.com malware researchers note the following dangers in any Troj/BckR2D2-A infection, although others may also be present in new Troj/BckR2D2-A variants:
- Troj/BckR2D2-A may update itself to add new features without your permission.
- Troj/BckR2D2-A is also a keylogger and may record input from your keyboard (and, potentially, even copy-pasted information), including passwords and account login info. Right now, this keylogging is supposedly restricted to web browser-based text, but can function in several types of browsers, including Internet Explorer, Firefox, SeaMonkey and Opera.
- Even if you don't use your web browser, Troj/BckR2D2-A has other ways to spy on your activities, especially with regard to instant messages. Troj/BckR2D2-A will specifically target Skype, Yahoo Messenger and MSN Messenger for conversations to record and send back to anonymous entities. This behavior also extends to audio-based calls from within Skype.
- Finally, anything that's displayed on your screen is also in danger of being recorded by Troj/BckR2D2-A, since Troj/BckR2D2-A is capable of grabbing screenshots in .jpg format.
Even if Troj/BckR2D2-A Trojans were legitimate wiretap-style infection Trojans from German legal authorities, the above attacks would still be unlawful in the extent of their functions. As a result, SpywareRemove.com malware researchers can only suggest that you get rid of Troj/BckR2D2-A with a dependable anti-malware program.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
C:\WINDOWS\system32\winsys32.sys
File name: C:\WINDOWS\system32\winsys32.sys
File type: System file
Mime Type: unknown/sys
C:\WINDOWS\system32\mfc42ul.dll
File name: C:\WINDOWS\system32\mfc42ul.dll
File type: Dynamic link library
Mime Type: unknown/dll
Registry Modifications
HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsys32
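A read-only check for the file and registry indicators listed above, added here as an example and not taken from SpywareRemove.com or any vendor tool. It assumes %SystemRoot% corresponds to the C:\WINDOWS path given on this page and that it is run from an elevated PowerShell of the same bitness as the operating system.

```powershell
# Added example: looks for the indicators listed on this page and changes nothing.
# Assumption: %SystemRoot% stands in for the page's C:\WINDOWS.
# Note: a 32-bit PowerShell on 64-bit Windows is redirected away from System32.
$sys32  = Join-Path $env:SystemRoot 'System32'
$files  = 'winsys32.sys', 'mfc42ul.dll' | ForEach-Object { Join-Path $sys32 $_ }
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\winsys32'
$findings = @()

foreach ($path in $files) {
    # -Force so hidden or system attributes do not keep the file out of the result
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        # Record a hash and timestamps so the finding can be handed to an analyst
        $hash = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256 `
                 -ErrorAction SilentlyContinue).Hash
        $findings += [pscustomobject]@{
            Indicator = 'File'
            Location  = $item.FullName
            Detail    = 'SHA256={0}; CreatedUtc={1:u}; Size={2}' -f $hash, $item.CreationTimeUtc, $item.Length
        }
    }
}

if (Test-Path -LiteralPath $svcKey) {
    # The service key tells us which binary is registered and how it starts
    $svc = Get-ItemProperty -LiteralPath $svcKey
    $findings += [pscustomobject]@{
        Indicator = 'ServiceKey'
        Location  = $svcKey
        Detail    = 'ImagePath={0}; Start={1}; Type={2}' -f $svc.ImagePath, $svc.Start, $svc.Type
    }
}

# Check separately whether a driver of that name is known to the service manager
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='winsys32'" -ErrorAction SilentlyContinue
if ($drv) {
    $findings += [pscustomobject]@{
        Indicator = 'Driver'
        Location  = $drv.PathName
        Detail    = 'State={0}; StartMode={1}' -f $drv.State, $drv.StartMode
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-List
    exit 1   # non-zero so a fleet-wide sweep can flag this host
}
'No Troj/BckR2D2-A indicators from this page were found.'
exit 0
```

A clean result only means these specific names are absent; new variants may use different ones, as the page notes.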