Trojan.Katusha
Threat Scorecard
Ranking: 16,245
Threat Level: 90% (High)
Infected Computers: 3,616
First Seen: July 24, 2009
Last Seen: August 20, 2023
OS(es) Affected: Windows
The Trojan.Katusha Trojan is a malware infection that is typically spread through external memory devices. It is designed to steal confidential information and relay it to a remote server. While Trojan.Katusha is a threat to your privacy, it is not particularly difficult to remove. Furthermore, ESG security researchers have identified a Windows update that may result in a false positive detection of Trojan.Katusha. First discovered in spring of 2010, Trojan.Katusha is still relatively isolated and has not infected many computers around the world. This malware threat is designed to infect 32-bit Windows platforms and, like most Trojans, does not have the capacity to spread on its own. Rather, Trojan.Katusha is usually disguised as a benign or useful application that users download and install themselves. Although Trojan.Katusha may be linked to a rootkit infection, Trojan.Katusha itself cannot reinstall itself automatically once it has been removed with a reliable anti-virus application. Trojan.Katusha has also been linked with various fake security programs and anti-viruses, with clones which include the detection string "FakeAV."
Effects of Trojan.Katusha and How to Protect Your PC
As mentioned above, Trojan.Katusha enters a computer system with the help of another application or through social engineering, that is, by taking advantage of human nature in order to deceive its victims. Once installed, Trojan.Katusha copies itself into various system folders and into the Program Files folder on your Windows system. It then connects to a remote server and downloads various files into the victim's temporary files folder. Trojan.Katusha makes changes to the Windows Registry so that it executes automatically whenever the infected computer is booted. These changes allow Trojan.Katusha to connect to a remote server and transmit any information it may have gathered on its victim's computer system. In some versions of Windows, it may be possible to use System Restore to go back to a point before the infection. ESG security researchers also recommend disabling automatic backups until you eliminate Trojan.Katusha, since you may inadvertently copy Trojan.Katusha along with your data. To prevent Trojan.Katusha from starting up automatically, ESG security researchers recommend starting Windows in Safe Mode by pressing the F8 key during startup.
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
Symantec | Trojan.FakeAV!gen29 |
Sunbelt | VirTool.Win32.Obfuscator.hg!b (v) |
Sophos | Mal/FakeAV-CX |
Panda | W32/Autoit.KT |
NOD32 | a variant of Win32/Kryptik.EWP |
Microsoft | TrojanDownloader:Win32/Renos.LX |
McAfee | Downloader-CEW.b |
eTrust-Vet | Win32/FakeCodec.C!generic |
DrWeb | Trojan.Siggen1.40126 |
AVG | Downloader.Generic9.CBGS |
Authentium | W32/FakeAlert.GZ.gen!Eldorado |
AhnLab-V3 | Win-Trojan/Agent.176128.IO |
Panda | Suspicious file |
Ikarus | Virus.Packed.Win32.Katusha |
F-Secure | Suspicious:W32/Malware!Gemini |
File System Details