PWSteal.Fareit

PWSteal.Fareit Description

PWSteal.Fareit is a terrible Trojan that is a dangerous threat to your computer system and personal information. PWSteal.Fareit can drop other high-risk malware infections and is difficult to detect because some of its files use a rootkit method to disguise its processes. If you spot the malicious application running on your Windows system, delete all infected files and uninstall PWSteal.Fareit from your machine as early as you can. PWSteal.Fareit uses software packing procedures to access your PC system. It can collect your private details and drop other malware threats. After successful installation, PWSteal.Fareit restricts you from accessing the Windows Registry and Task Manager and does not allow you to delete its essential components. The malicious components of PWSteal.Fareit can send emails via the SMTP protocol, contact other PCs, download unsafe content from the web, generate IE toolbar extensions (iexplore.exe) and even trace your browsing activities. These files cannot be detected by actual security software and work together to disable Windows Security Center processes. Remove PWSteal.Fareit before it harms your computer system.

Aliases: Trj/OCJ.E [Panda], PSW.Generic11.IWK [AVG], W32/Tepfer.JCRZ!tr.pws [Fortinet], Trojan-PSW.Win32.Tepfer (A), Gen:Variant.Zusy.45431 [BitDefender], Trojan-PSW.Win32.Tepfer.jcrz [Kaspersky], Win32:Downloader-TCM [Trj] [Avast], TROJ_GEN.RCBCDDT, Suspicious_Gen5.WSTQ, Trojan.PWS.Tepfer!PgcDPFPg82Y, Artemis!5957EEF06CE4 [McAfee], Trj/Dtcontx.A [Panda], SHeur4.AZNP [AVG], W32/Yakes.BRQC!tr [Fortinet] and Virus.Win32.CeeInject [Ikarus].

Technical Information

File System Details

PWSteal.Fareit creates the following file(s):
