Troj/FSBSpy-A
Posted: February 14, 2013
Threat Metric
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 5 |
| First Seen: | February 14, 2013 |
| Last Seen: | April 11, 2020 |
| OS(es) Affected: | Windows |
Troj/FSBSpy-A is a multi-component Trojan that is used to install a more powerful Trojan, which creates backdoor vulnerabilities to establish botnet-based control over your PC. The consequences of a Troj/FSBSpy-A attack can include the theft of your private information or the installation of other malware. While Troj/FSBSpy-A's attack strategy appears to be under construction, the evidence gathered so far has caused SpywareRemove.com malware experts to warn against spam e-mail links and zero-day Flash vulnerabilities, which may be combined to install Troj/FSBSpy-A without your permission. Since Troj/FSBSpy-A and related PC threats use sophisticated defenses to conceal themselves, strong anti-malware software is encouraged for removing Troj/FSBSpy-A and other Troj/FSBSpy-related Trojans from your system.
Troj/FSBSpy-A: a PC Takeover that's Still in the Works
Troj/FSBSpy-A is a label that can be applied to any of several malicious files that are part of an overall FSBSpy-based attack. Currently, Troj/FSBSpy-A can't be installed without manual assistance and, unusually, includes debugging information, which has led SpywareRemove.com malware researchers and others in the industry to speculate that Troj/FSBSpy-A is still a work in progress (as opposed to a finalized attack). However, once Troj/FSBSpy-A is installed, SpywareRemove.com malware researchers stress that Troj/FSBSpy-A is just as functional as any other Trojan.
Troj/FSBSpy-A's job is to launch separate Trojan components (identified by labels such as Troj/FSBSpy-B) that use the file names of Windows programs like the Task Manager or Windows Explorer. These additional Trojans download and launch other malware from a web address that's fed to them by Troj/FSBSpy-A. Thereafter, malware related to Troj/FSBSpy-A remains active in memory even if you reboot your PC.
Some Trojans related to Troj/FSBSpy-A also may use 'valid' digital signatures in an attempt to trick PC users who are looking for suspicious programs. This also is used in conjunction with memory-exploit techniques that prevent Trojans related to Troj/FSBSpy-A from displaying separate files or memory processes (making it potentially very difficult for casual PC users to detect them).
The Sordid End to the Tale that Troj/FSBSpy-A Starts to Weave
Troj/FSBSpy-A's major functions end with enabling other Trojans to do their work. However, attacks that may result from a Troj/FSBSpy-A infection can extend to:
- The creation of a backdoor vulnerability that can allow a Command & Control server to gain access to your PC. These vulnerabilities may result in your control input being taken over (amongst other issues).
- The theft of basic system information about your PC (such as its operating system version, basic user information and which programs are installed). This data can be used to enable future attacks against your PC's security.
- Screenshots that can capture any data displayed on your monitor.
- The download and installation of other malware.
Current versions of Troj/FSBSpy-A attacks use Flash vulnerabilities that don't have corresponding security patches. If you're unable to keep Flash disabled or uninstalled, SpywareRemove.com malware experts suggest that you show caution around any unusual links or websites that could host Troj/FSBSpy-A. As with any sophisticated multi-component Trojan, you should remove Troj/FSBSpy-A (and related Trojans) with a suitably advanced anti-malware scanner.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
f416219ff1f636f415d1136f8ea33b94
File name: f416219ff1f636f415d1136f8ea33b94
Size: 32.76 KB (32768 bytes)
MD5: f416219ff1f636f415d1136f8ea33b94
Detection count: 97
Group: Malware file
Last Updated: February 25, 2013
explorer.ex
File name: explorer.ex
Size: 427.3 KB (427304 bytes)
MD5: 66741da348171175d7be67b8b0e01318
Detection count: 94
Mime Type: unknown/ex
Group: Malware file
Last Updated: February 25, 2013
scode.dll
File name: scode.dll
Size: 87.04 KB (87040 bytes)
MD5: 14fdb530d0b0bc94650bbe02b9d362ad
Detection count: 87
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: February 25, 2013
4ced1c7be1c36b487b4400c48e884cb5
File name: 4ced1c7be1c36b487b4400c48e884cb5
Size: 37.19 KB (37196 bytes)
MD5: 4ced1c7be1c36b487b4400c48e884cb5
Detection count: 85
Group: Malware file
Last Updated: February 25, 2013
setup.exe
File name: setup.exe
Size: 304.42 KB (304424 bytes)
MD5: b520e9f198c365125d49e7894152eebb
Detection count: 83
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: February 25, 2013
scode.txt
File name: scode.txt
Mime Type: unknown/txt
Group: Malware file
scodeexp.txt
File name: scodeexp.txt
Mime Type: unknown/txt
Group: Malware file
C:\Classified\Investigations\National¬Security\sco.pdb
File name: C:\Classified\Investigations\National¬Security\sco.pdb
Mime Type: unknown/pdb
Group: Malware file
C:\ClassifiedProjects\ProjectDefense\Firefox¬Binary¬Loaded¬WithCertificate\Loader-FirefoxSigned\Loader¬ReleaseFinalCERT.pdb
File name: C:\ClassifiedProjects\ProjectDefense\Firefox¬Binary¬Loaded¬WithCertificate\Loader-FirefoxSigned\Loader¬ReleaseFinalCERT.pdb
Mime Type: unknown/pdb
Group: Malware file
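The .pdb entries above are the debugging information mentioned earlier: build paths left inside the binaries. As an added example (not code from this page or from any vendor), the following triage helper scans a file's bytes for CodeView "RSDS" debug records and reports the embedded PDB path. The watchlist entry sco.pdb comes from the file list above; the sample bytes and their build path are constructed for illustration.

```python
import struct
import uuid

# Basenames to flag. "sco.pdb" is taken from the file list on this page.
WATCHLIST = {"sco.pdb"}

def extract_pdb_paths(data: bytes) -> list[dict]:
    """Find CodeView PDB 7.0 records: 'RSDS', 16-byte GUID, 4-byte age,
    then a NUL-terminated PDB path."""
    found = []
    pos = data.find(b"RSDS")
    while pos != -1:
        end = data.find(b"\x00", pos + 24)
        raw = data[pos + 24:end] if end != -1 else b""
        # Accept only plausible paths: ends in .pdb, no control bytes, sane length.
        if raw.lower().endswith(b".pdb") and min(raw) >= 0x20 and len(raw) <= 260:
            path = raw.decode("utf-8", errors="replace")
            basename = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            found.append({
                "offset": pos,
                "guid": str(uuid.UUID(bytes_le=data[pos + 4:pos + 20])),
                "age": struct.unpack_from("<I", data, pos + 20)[0],
                "path": path,
                "flagged": basename in WATCHLIST,
            })
        pos = data.find(b"RSDS", pos + 4)
    return found

def sample_image() -> bytes:
    """Constructed test bytes: a decoy 'RSDS' string plus one valid record."""
    decoy = b"RSDS" + b"\x01\x02 not a debug record"
    record = (b"RSDS" + uuid.UUID(int=0x1234).bytes_le + struct.pack("<I", 1)
              + rb"C:\build\demo\sco.pdb" + b"\x00")  # constructed path
    return b"MZ" + b"\x00" * 64 + decoy + b"\x00" * 8 + record + b"\x00" * 32

if __name__ == "__main__":
    for hit in extract_pdb_paths(sample_image()):
        print(hit)
```

To check a real file, pass its contents with `extract_pdb_paths(open(path, "rb").read())`; a flagged result is a lead for further analysis, not a verdict.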