TrojanDownloader:Win32/Spycos.R Description

TrojanDownloader:Win32/Spycos.R is Trojan that distributes and runs other computer infections by connecting to remote servers, usually via HTTP. TrojanDownloader:Win32/Spycos.R steals data about the compromised PC including anti-virus programs and online banking plugins installed on the computer, computer name, current user name, windows version of your computer and volume serial number of the hard disk. TrojanDownloader:Win32/Spycos.R transfers the information to the server ‘entreterimentoglass.com’. While being installed, TrojanDownloader:Win32/Spycos.R makes system modifications by adding possibly malevolent files however only when the default language on the computer is Portuguese. TrojanDownloader:Win32/Spycos.R blocks AVG and Avast security applications from normal functioning by ending processes and services of anti-virus programs if they exist on the PC. TrojanDownloader:Win32/Spycos.R creates copies of itself as a CPL file on the Temporary Files folder with a random 12-digit file name.

Type: Trojans

How Can You Detect TrojanDownloader:Win32/Spycos.R?

TrojanDownloader:Win32/Spycos.R Removal Details

TrojanDownloader:Win32/Spycos.R has typically the following processes in memory:

• %Temp%\FXSAPIDebuglog.DLL

TrojanDownloader:Win32/Spycos.R creates the following files in the system:

• %Temp%\_thundbs2.db

TrojanDownloader:Win32/Spycos.R creates the following registry entries:

• HKEY_LOCAL_MACHINE\Software\Micrososft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
• HKEY_LOCAL_MACHINE\Software\Micrososft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = “” = “%Temp%\”
• HKEY_LOCAL_MACHINE\Software\Micrososft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Important Article Disclaimer