Trojan.Tracur.C and Trojan.JS.Redirector.KY Pose as Fake Internet Explorer/Firefox Plugin

SpywareRemove.com malware researchers have examined recent reports of fake Flash update attacks and found a new string of particularly invasive Trojan attacks engaging in infection-sprees with these disguises. Although masquerading as a software update isn't a new trick for most types of malicious software, recent Trojan.Tracur.C attacks are notable for their quantity, for their tendency to install other types of Trojans by default, and for their ability to hijack your web browser. The latter attack is commonly reserved for visits to popular search engine sites, although the Java-injection technique that Trojan.Tracur.C and Trojan.Tracur.C's cohort use can also be applied to other types of redirect attacks. Because of the unusual subtlety of Trojan.Tracur.C-related attacks that alter preexisting links when you try to click them, SpywareRemove.com malware researchers encourage you to use appropriate anti-malware strategies and software to avoid and delete Trojan.Tracur.C infections whenever it's necessary to do so.

Pay Attention to That Flash Update – It Might Just Spare You a Trojan.Tracur.C Attack

Recent (as of September 2011) Trojan.Tracur.C attacks have been going the rounds in the form of 'Flash' media updates; these fake update links are often embedded in an equally-fake movie player that hostile websites use to infect your PC when you try to access their video content. Since these ongoing attacks utilize your indiscretion to infect your computer, the simplest way to dodge a Trojan.Tracur.C attack is to download all your Flash updates from official sites.

However, because Trojan.Tracur.C infections can also occur even with accidental exposure to malicious websites, being aware of the side effects of this fake Flash update attack can also prove useful. Equally-crucial is the knowledge that Trojan.Tracur.C will also install a Trojan.JS.Redirector.KY Trojan, and remove Trojan.JS.Redirector.KY without deleting Trojan.Tracur.C, or vice versa, may not stop the relevant symptoms from appearing.

• Trojan.Tracur.C and Trojan.JS.Redirector.KY launch themselves in the form of BHOs (or Browser Helper Objects) and inject JavaScript code into normal processes (such as Internet Explorer's iexplore.exe). You may be able to notice this by excessive memory usage in Windows Task Manager, or by accompanying browser performance degradation.
• Trojan.JS.Redirector.KY and Trojan.Tracur.C will proceed to monitor your online habits, particularly which websites you visit. This is done for the purpose of enabling another their third attack, as described below.
• Lastly, your web browser will be redirected to arbitrary and malicious websites whenever you click a search engine's result link. Although very high-visibility search sites, such as Google, AOL Search, Yahoo Search and Bing are all primary targets of this attack, lesser-known search engines may also be targeted. This allows Trojan.JS.Redirector.KY and Trojan.Tracur.C to redirect you without any obvious sign that this has happened unless you're paying close attention to the link's URL.

Cleaning House and Kicking Out the Trojans

Although their symptoms are visible in web browsers, you can't remove Trojan.JS.Redirector.KY or Trojan.Tracur.C by making changes to your browsers or even by uninstalling your web browsers. Instead, you should delete both Trojan.Tracur.C and Trojan.JS.Redirector.KY with a qualified anti-malware scanner.

SpywareRemove.com malware researchers also suggest that you do this as soon as possible, since Trojan.Tracur.C may also be configured to function in the form of a backdoor Trojan that allows criminals to access and control your computer. Allowing such a vulnerability to remain on your PC for extended periods of time can result in identity theft, account hijacks and other forms of serious harm to your computer, information and money.