Trojan.Katusha

By GoldSparrow in Trojans

Threat Scorecard

Ranking: 16,245
Threat Level: 90 % (High)
Infected Computers: 3,616
First Seen: July 24, 2009
Last Seen: August 20, 2023
OS(es) Affected: Windows

Trojan.Katusha is a malware infection that is typically spread through external memory devices. It is designed to steal confidential information and relay it to a remote server. While Trojan.Katusha is a threat to your privacy, it is not particularly difficult to remove. Furthermore, ESG security researchers have identified a Windows update that may result in a false positive detection of Trojan.Katusha. First discovered in spring of 2010, Trojan.Katusha is still relatively isolated and has not infected many computers around the world.

This malware threat is designed to infect 32-bit Windows platforms and, like most Trojans, does not have the capacity to spread on its own. Rather, Trojan.Katusha is usually disguised as a benign or useful application, which the user himself downloads and installs onto his computer. Although Trojan.Katusha may be linked to a rootkit infection, Trojan.Katusha itself cannot reinstall itself automatically once it has been removed with a reliable anti-virus application. Trojan.Katusha has also been linked with various fake security programs and anti-viruses, with clones which include the detection string "FakeAV."

Effects of Trojan.Katusha and How to Protect Your PC

As mentioned above, Trojan.Katusha enters a computer system with the help of another application or through social engineering, that is, by taking advantage of human nature in order to deceive its victims. Once installed, Trojan.Katusha copies itself into various system folders and into the Program Files folder on your Windows system. It then connects to a remote server and downloads various files into the victim's temporary files folder. Trojan.Katusha makes changes to the Windows Registry so that it executes automatically whenever the infected computer is booted. These changes allow Trojan.Katusha to connect to a remote server and transmit any information it may have gathered on its victim's computer system.

In some versions of Windows, it may be possible to use System Restore to go back to a point before the infection. ESG security researchers also recommend disabling automatic backups until you eliminate Trojan.Katusha, since you may inadvertently copy Trojan.Katusha along with your data. To prevent Trojan.Katusha from starting up automatically, ESG security researchers recommend starting up Windows in Safe Mode by simply pressing the F8 key during startup.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software: Detection
Symantec: Trojan.FakeAV!gen29
Sunbelt: VirTool.Win32.Obfuscator.hg!b (v)
Sophos: Mal/FakeAV-CX
Panda: W32/Autoit.KT
NOD32: a variant of Win32/Kryptik.EWP
Microsoft: TrojanDownloader:Win32/Renos.LX
McAfee: Downloader-CEW.b
eTrust-Vet: Win32/FakeCodec.C!generic
DrWeb: Trojan.Siggen1.40126
AVG: Downloader.Generic9.CBGS
Authentium: W32/FakeAlert.GZ.gen!Eldorado
AhnLab-V3: Win-Trojan/Agent.176128.IO
Panda: Suspicious file
Ikarus: Virus.Packed.Win32.Katusha
F-Secure: Suspicious:W32/Malware!Gemini

File System Details

Trojan.Katusha may create the following file(s):

Registry Details

Trojan.Katusha may create the following registry entry or registry entries:
CLSID
{2E59498D-7E44-4452-9044-0973B080B9E8}
