Trojan.Prinimalka

By GoldSparrow in Trojans

Trojan.Prinimalka Description

Trojan.Prinimalka is a banking Trojan connected with the attack campaign 'Project Blitzkrieg', a new cybercriminal project whose purpose is to recruit 100 botmasters to help start numerous lucrative online heists attacking 30 U.S. banks. Trojan.Prinimalka installs a proxy on the compromised PC and then transfers system and Internet browser details back to the C&C. The botmasters can use this setup to 'spoof' banking requests as the unsuspecting banking user. Trojan.Prinimalka is supported by Gozi and is similar to it in some respects; for this reason, Trojan.Prinimalka is also identified as Gozi Prinimalka. While being installed on the infected computer system, Trojan.Prinimalka adds a specific entry to the Windows Registry that enables it to load automatically whenever the computer is turned on. Trojan.Prinimalka targets numerous bank web addresses by surreptitiously inserting malicious code into banking websites.

Type: Trojans

Trojan.Prinimalka Removal Details

Trojan.Prinimalka typically runs the following processes in memory:

  • %UserProfile%\govtemp1.exe
  • %UserProfile%\govold.exe

Trojan.Prinimalka creates the following files in the system:

  • %UserProfile%\govcookies.txt
  • %CD%\govcookies.dat

Trojan.Prinimalka creates the following registry entries:

  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govid”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_options”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_command”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_idproject”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govcontrol_crc”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govoptions”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_server1”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_file”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_ss”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govbalance”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govShell”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_reserv”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_forms”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_pstorage”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_certs”
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “govopt_pauseopt”
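
The indicators listed above can be checked for the logged-on user with a read-only PowerShell script. This is an added example, not part of the original entry; it assumes the quoted names are value names under the HKCU Run key, and it skips the %CD% file because that location depends on the malware's working directory.

```powershell
# Added example: look for the Trojan.Prinimalka indicators listed in this entry.
# Read-only: nothing is deleted or modified.

# Assumption: the quoted names in the entry are value names under the HKCU Run key.
$runValueNames = @(
    'govid', 'govopt_options', 'govopt_command', 'govopt_idproject',
    'govcontrol_crc', 'govoptions', 'govopt_server1', 'govopt_file',
    'govopt_ss', 'govbalance', 'govShell', 'govopt_reserv',
    'govopt_forms', 'govopt_pstorage', 'govopt_certs', 'govopt_pauseopt'
)
# Files the entry places under %UserProfile%.
$fileNames = @('govtemp1.exe', 'govold.exe', 'govcookies.txt')

$runKey   = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# 1. Registry: compare values present in the Run key with the listed names.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $runValueNames) {
        if ($run.PSObject.Properties.Name -contains $name) {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Name = $name; Detail = [string]$run.$name }
        }
    }
}

# 2. Files in the user profile.
foreach ($file in $fileNames) {
    $path = Join-Path $env:USERPROFILE $file
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Type = 'File'; Name = $file; Detail = $path }
    }
}

# 3. Running processes named after the listed executables (confirm the path by hand).
foreach ($p in Get-Process -Name 'govtemp1', 'govold' -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Type = 'Process'; Name = $p.ProcessName; Detail = "PID $($p.Id), $($p.Path)" }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'None of the listed Trojan.Prinimalka indicators were found for this user.'
}
```

Because the Run key and profile paths are per-user, run the script in the session of each account that needs checking.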


This entry was last updated on 10/30/12 and posted on 10/30/12.
