Tearspear

Tearspear Description

Tearspear is a Trojan downloader that is made to access remote websites and drop some harmful applications to the compromised PC. Tearspear distributes more malware infections and, thus, makes the affected PC unstable. TearSpear will run automatically every time you start Windows. Tearspear will attempt to connect to remote control servers and execute the instructions provided or drop other computer threats. Tearspear and the security infections it downloads will obtain access to all your computer data, especially if administrative account is hijacked. Therfore, all your passwords, banking details and privacy is set at risk. Even if any data isn't stolen by Tearspear, your machibe might be used for harmful actions like sending spam, initiating DDOS attacks and many other.

Aliases: Trj/Banker.JJG [Panda], SHeur3.BXDM [AVG], W32/Kryptik.HZ!tr [Fortinet], Trojan.Win32.Nedsym [Ikarus], a variant of Win32/Kryptik.NBZ, BScope.Zbot.01392, Win-Trojan/Zbot.53248.E [AhnLab-V3], TrojanDownloader.Agent.dzqy, Mal/EncPk-ABZ [Sophos], TR/Crypt.XPACK.Gen [AntiVir], FraudTool.Win32.AVSoft (v), Trojan.DownLoader2.45822 [DrWeb], Trojan.Agent/Gen-Fake[Plus], Trojan.DL.Agent!NsrDjCmxt0Q and Gen:Variant.Kazy.21061 [BitDefender].

Technical Information

File System Details

Tearspear creates the following file(s):
# File Name Size MD5 Detection Count
1 E:\F\New folder (2)t\U1102.exe\U1102.exe 1,314,816 20d69f6eb4fd2c10afe5568d7c973cf0 70
2 %TEMP%\Rar$EX04.047\v100c.exe 1,081,344 8f9da7522564789aa73f4810dba32d05 26
3 %COMMONPROGRAMFILES%\BOONTY Shared\Service\Boonty.exe 69,120 c6ebad40e10ff846903cc74d2d959fe0 15
4 %PROGRAMFILES%\Mx One Antivirus\mogtr.exe 51,712 5f88052df46e2420c00ab235f0ac4d52 2
5 %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe 129,302 52ac8f3fcd65bf81d7ec056d595a72ec 2
6 %USERPROFILE%\Desktop\New Folder\2 - PROGRAMS\AviConverterSetup.exe 463,872 aedf8876534cafe5831c5f9626faad61 2
7 %WINDIR%\System32\BCxpO.dll 1,162,240 f257c6cd0994693b3232dd5771a4208d 2
8 %USERPROFILE%089k42avdv.exe 15,872 c8feb4de0b8766c8ef7e3a55a0e3ee92 2
9 %APPDATA%WinUpdateMon.exe 12,288 d3da22f1220dd3d8af7dae819c4954c8 2
10 %WINDIR%\system32\config\systemprofile\AppData\Roaming\rrmo2asv3zwxibdtllxucphrqkuo1pa2\csrss.exe 53,248 8b17a837b9e3cf261c31f6d2878b9498 1
11 c:\sxs2.exe N/A
12 %CommonPrograms%\startup\bios.exe N/A
13 %System%\ipxie.exe N/A
14 %System%\drivers\uzcx.exe N/A
15 %System%\wincom.exe N/A
16 %System%\spdsw.exe N/A
17 %System%\annaa.exe N/A
18 %System%\uwmuk.exe N/A
19 %Temp%\promo_tool_311.exe N/A
20 %Temp%\dproxy.exe N/A
21 %Windir%\svchostr.exe N/A
22 %Windir%\pienso-en-ti.exe N/A
23 %UserProfile%\install.exe N/A
24 c:\recycler\services\services.exe N/A
25 %DownloadedProgramFiles%\update_.exe N/A
26 %AppData%\winhlp64.exe N/A
27 %System%\bios.exe N/A
28 %System%\wdfmgr32.exe N/A
29 %System%\winsvc.exe N/A
30 %System%\mstds.exe N/A
31 %System%\sysudisk.exe N/A
32 %Temp%\ir_ext_temp_0\autoplay\scripts\prodigy.exe N/A
33 %Temp%\3.exe N/A
34 %Temp%\windows200_3\198994014.exe N/A
35 %Windir%\update.exe N/A
36 %Windir%\winhost.exe N/A
37 c:\nw.exe N/A
38 c:\tempst.exe N/A
39 %CommonPrograms%\startup\jvm0.exe N/A
40 %System%\jvm0.exe N/A
41 %System%\gzbgq.exe N/A
42 %System%\windwn32.exe N/A
43 %System%\liciaa.exe N/A
44 %System%\spoolsvc.exe N/A
45 %System%\downdll.dll N/A
46 %Temp%\tem1p.exe N/A
47 %Temp%\ieagent-dist.exe N/A
48 %Windir%\svchost.com N/A
49 %Windir%\windll.exe N/A
50 %System%\kurier9.scr N/A
More files

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.