
Troj/Redir-P

Posted: July 27, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 9
First Seen: July 27, 2012
Last Seen: April 21, 2023
OS(es) Affected: Windows

Troj/Redir-P is a Trojan that attempts to redirect your browser to a site confirmed to host malicious content, which downloads PC threats onto your computer without your consent. Troj/Redir-P is distributed by e-mail spam campaigns that target Germany-based e-mail accounts (by targeting the .de domain suffix); these e-mails include German messages about supposed photo attachments that, when opened, turn out to be Troj/Redir-P. Identifying and deleting Troj/Redir-P-related e-mail messages should be your main defense against potential Troj/Redir-P attacks, although SpywareRemove.com malware researchers strongly recommend that you scan your entire PC after any possible contact with Troj/Redir-P attacks due to the likelihood of other PC threats being installed.

Troj/Redir-P – Just the Newest Problem for Germany's PCs

Troj/Redir-P's mass-mailed e-mail attacks are a recent spam campaign as of late July 2012, and PCs with outdated anti-malware software may be protected inadequately against Troj/Redir-P's redirects. Current Troj/Redir-P spam limits itself to targeting .de-based e-mail addresses, although a given Troj/Redir-P link is capable of harming PCs from other regions just as easily as Troj/Redir-P harms German computers.

As noted by SpywareRemove.com malware researchers, Troj/Redir-P's template for spam e-mail pretends that an accompanying file attachment is a collection of photographs, although this may not be obvious for users who aren't fluent in German. Another noteworthy layer of deception is the use of forged sender fields that present these messages as being sent by a well-known company, such as LinkedIn (a professional social networking community) or Habbo Hotel (a Finland-based social networking site). If you're expecting a genuine message from one of these sources and aren't certain if the file is genuine or Troj/Redir-P, SpywareRemove.com malware experts recommend that you scan the corresponding file attachment with an up-to-date anti-malware program.

When a Troj/Redir-P Redirect Leads to Additional Dilemmas

PC users who unintentionally open a Troj/Redir-P file attachment will be exposed to drive-by-download exploits that attempt to install other PC threats onto their hard drives. Protection against such exploits can be managed by keeping all software updated and disabling exploitable scripts (such as Java) whenever appropriate, although these safety measures aren't guarantees that Troj/Redir-P will fail in its mission. Common payloads for attacks like Troj/Redir-P's own include spyware programs that steal private information, scamware programs that display fake security alerts and browser hijackers that redirect your browser to unusual websites.

PC threats that are installed onto your computer may vary with the website that's being contacted, and the SpywareRemove.com malware research team stresses that you should always scan your PC with some form of anti-malware product after any contact with potentially hazardous types of online content. Anti-malware programs that aren't updated may be poorly equipped to deal with Troj/Redir-P or its payload, since Troj/Redir-P is a new Trojan that was only detected by PC security companies in late July of this year.

Technical Details

Additional Information

The following messages were detected:
# Message
1 Hi, deine Fotos findest du im Anhang (Internet Explorer format) MfG, [NAME]
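
A mail-filter check for the spam template described above, as an added example that is not code from SpywareRemove.com or any vendor. It assumes the "Internet Explorer format" attachment is an HTML file and that linkedin.com and habbo.com are the brands' legitimate sending domains; the sample message, its addresses and the name in it are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Lure wording taken from the detected message listed on this page.
LURE = re.compile(r"deine\s+Fotos\s+findest\s+du\s+im\s+Anhang", re.I)
# Brands the page names as forged senders -> ASSUMED legitimate domains.
BRANDS = {"linkedin": "linkedin.com", "habbo": "habbo.com"}
HTML_EXT = (".htm", ".html")  # assumption drawn from "Internet Explorer format"

# Constructed sample message (not a captured e-mail).
SAMPLE = """\
From: LinkedIn <photos@mailer.example>
To: user@example.de
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hi, deine Fotos findest du im Anhang (Internet Explorer format) MfG, Anna
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Fotos.htm"

<html><body>constructed placeholder</body></html>
--b1--
"""

def score_message(raw):
    """Return the indicators from this page that one raw message matches."""
    msg = message_from_string(raw)
    hits, body = [], []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in BRANDS.items():
        # Display name claims a brand but the address is outside its domain.
        if brand in name.lower() and domain != legit and not domain.endswith("." + legit):
            hits.append("sender-brand-mismatch")
    for part in msg.walk():
        if part.is_multipart():
            continue
        fname = (part.get_filename() or "").lower()
        if fname.endswith(HTML_EXT):
            hits.append("html-attachment")
        elif not fname and part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            body.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    if LURE.search(" ".join(body)):
        hits.append("photo-lure-text")
    return hits
```

A message that matches the lure text together with either of the other two indicators is a reasonable candidate for quarantine; a brand mismatch alone also occurs in legitimate third-party mailings.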
