
TROJ_PPDROP.EVL

Posted: June 5, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 86
First Seen: June 5, 2012
OS(es) Affected: Windows

TROJ_PPDROP.EVL is a malicious PowerPoint file that's distributed by spam e-mail messages as part of a strategy for infecting PC users with a second PC threat, a backdoor Trojan. Because TROJ_PPDROP.EVL conceals this installation with Flash exploits and also drops a second (and non-malicious) PowerPoint file as a distraction, victims may be unaware of the initial attack. TROJ_PPDROP.EVL's payload, like all backdoor Trojans, compromises your computer's security by allowing a criminal-controlled server to issue commands, install other PC threats or receive stolen information. Since TROJ_PPDROP.EVL's backdoor Trojan is a high-level PC threat with potentially long-lasting negative consequences, SpywareRemove.com malware analysts recommend removing TROJ_PPDROP.EVL and its fellow Trojan the very moment you can lay hands on a good anti-malware scanner – although avoiding TROJ_PPDROP.EVL in the first place is definitely the preferable course of action.

TROJ_PPDROP.EVL: Proudly Presenting a Distraction from Its Security Attacks

TROJ_PPDROP.EVL may appear to be a harmless PowerPoint file, but within its confines lurks an installation technique that deftly circumvents your computer's security to plant a backdoor. A Flash file embedded in TROJ_PPDROP.EVL automatically exploits the vulnerability CVE-2011-0611, which affects outdated versions of Adobe AIR, Adobe Flash Player, Adobe Acrobat and Adobe Reader. This simple exploit allows TROJ_PPDROP.EVL to execute arbitrary commands and place two other files on your PC: an actual plain PowerPoint file and the backdoor Trojan identified as BKDR_SIMBOT.EVL.
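As an added defensive example (not code from the original page or from any vendor), the following Python scans a PowerPoint file for embedded Flash (SWF) objects, the delivery mechanism described above. The SWF header checks rely on the documented format (FWS/CWS/ZWS signatures, version byte, length field); the .pptx it builds is a constructed sample, not real malware.

```python
import io
import zipfile

# SWF signatures: FWS = uncompressed, CWS = zlib body (SWF 6+), ZWS = LZMA body (SWF 13+)
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")

def _plausible_header(data: bytes, pos: int) -> bool:
    """Filter 3-byte coincidences via the version byte, length field and body start."""
    if pos + 9 > len(data):
        return False
    magic, version = data[pos:pos + 3], data[pos + 3]
    declared = int.from_bytes(data[pos + 4:pos + 8], "little")
    if not 1 <= version <= 50 or declared < 8:
        return False
    if magic == b"FWS":           # length covers the whole file, so it must fit
        return declared <= len(data) - pos
    if magic == b"CWS":           # zlib stream starts with CMF byte 0x78
        return data[pos + 8] == 0x78
    return version >= 13          # ZWS only exists from SWF 13 onwards

def find_swf_headers(data: bytes) -> list:
    """Return offset/variant/version/declared length of every plausible SWF header."""
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic)
        while pos != -1:
            if _plausible_header(data, pos):
                hits.append({"offset": pos, "magic": magic.decode(), "version": data[pos + 3],
                             "length": int.from_bytes(data[pos + 4:pos + 8], "little")})
            pos = data.find(magic, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])

def scan_presentation(blob: bytes) -> list:
    """OOXML .pptx is a zip, so each member is inspected after decompression; legacy OLE2
    .ppt is scanned flat (a header straddling a 512-byte sector boundary would be missed)."""
    if not blob.startswith(b"PK\x03\x04"):
        return [{"member": "<raw stream>", **h} for h in find_swf_headers(blob)]
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [{"member": n, **h} for n in zf.namelist() for h in find_swf_headers(zf.read(n))]

def build_sample_pptx() -> bytes:
    """Constructed sample (not real malware): a minimal .pptx-shaped zip carrying
    a harmless slide and a 40-byte fake uncompressed SWF under ppt/media/."""
    body = b"\x00" * 32
    swf = b"FWS" + bytes([10]) + (8 + len(body)).to_bytes(4, "little") + body
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("ppt/slides/slide1.xml", "<p:sld>Quarterly review</p:sld>")
        zf.writestr("ppt/media/movie1.swf", swf)
    return buf.getvalue()
```

A hit is a reason to detonate the file in a sandbox or quarantine it at the mail gateway, not proof of exploitation: legitimate decks can embed Flash too, so the embedded object should be inspected rather than the whole file condemned on signature alone.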

BKDR_SIMBOT.EVL is used for standard backdoor Trojan-esque attacks, including installing other forms of hostile software or allowing criminals to control your PC via a Command & Control server. Because BKDR_SIMBOT.EVL uses code-injection tactics to conceal itself, SpywareRemove.com malware researchers recommend that you delete TROJ_PPDROP.EVL and BKDR_SIMBOT.EVL with suitably adept anti-malware software if you find that your PC's been infected.

Shutting TROJ_PPDROP.EVL Down Before Its Scam Starts

Since TROJ_PPDROP.EVL requires Flash exploits to complete its PC threat-installing attack, the simplest way to block a TROJ_PPDROP.EVL attack is to avoid keeping Flash-related software on your computer, as noted in the list of vulnerable applications earlier in this article. However, since Flash is widely used for website and game design, SpywareRemove.com malware researchers also note that simply keeping Flash software updated will close outdated security flaws like the one that TROJ_PPDROP.EVL uses.

TROJ_PPDROP.EVL is also one of many Trojans that are distributed by way of e-mail spam. Recognizing and deleting such fraudulent messages as soon as they're seen can prove to be a powerful defense against both TROJ_PPDROP.EVL and many other varieties of Trojans. Failing that, using anti-malware programs to scan file attachments before you download them can also help to catch TROJ_PPDROP.EVL before it has a chance to do any harm to your PC.

Both TROJ_PPDROP.EVL and BKDR_SIMBOT.EVL have been confirmed to function in multiple versions of Windows, although other operating systems are, at the time of this writing, safe from this pair of Trojans.

Technical Details

File System Modifications


The following files were created in the system:


File name: %User Temp%\Winword.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file