Trojan:Win32/Opachki.H

By GoldSparrow in Trojans

Trojan:Win32/Opachki.H was first detected in the wild in February of 2012. It has several aliases, including Mal_DLDER and Sus/Behav-1015. ESG security analysts consider Trojan:Win32/Opachki.H a severe threat to a computer system's security, with the potential to place the infected computer system in the hands of a remote attacker. Because of this, a Trojan:Win32/Opachki.H infection should be taken very seriously and removed immediately with a reliable anti-malware program. Like most Trojans, Trojan:Win32/Opachki.H cannot spread on its own and usually requires a secondary malware infection (usually a dropper or downloader Trojan) to install it on the victim's computer system. Trojan:Win32/Opachki.H can also be spread using social engineering methods, that is, by making the victim believe that Trojan:Win32/Opachki.H is actually a beneficial file.

Symptoms of Trojan:Win32/Opachki.H Infection

Trojan:Win32/Opachki.H will usually appear as an EXE or DAT file on the victim's computer system. Often Trojan:Win32/Opachki.H will be named crrss.exe and be installed in the system folder. It will also have a couple of associated files in the administrator directory within the documents and settings folder. As part of its installation process, Trojan:Win32/Opachki.H makes changes to the Windows Registry that allow it to run automatically when Windows starts up. Besides the presence of its malicious files and registry entries, Trojan:Win32/Opachki.H will not cause any specific symptoms on an infected computer system. This is because criminals often use Trojan:Win32/Opachki.H to steal valuable personal information, a task that usually requires the infection to remain silent on the victim's hard drive.

An Overview of Trojan:Win32/Opachki.H Payload

After installing its malicious files and making its changes to the Windows Registry, Trojan:Win32/Opachki.H attempts to contact a remote server. Using port 8080, Trojan:Win32/Opachki.H will attempt to connect to either glsbid.com or porngaz.com. Once Trojan:Win32/Opachki.H has established contact with its command and control server, it can report that the victim's computer has been compromised, receive new configuration data, download additional malware from the remote server, receive instructions, or send out information about the infected computer system. The main purpose of Trojan:Win32/Opachki.H is to set up a connection with an external server so that criminals can then install other malware, including spy Trojans and a remote access Trojan.
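The indicators named in this write-up (the crrss.exe file name, port 8080, and the two domains) can be checked against host and network logs. The following is an added example, not part of the original write-up; the log layout, host names and sample events are constructed for illustration.

```python
import ntpath
import re

# Indicators stated in the write-up above.
C2_DOMAINS = ("glsbid.com", "porngaz.com")
C2_PORT = "8080"
DROPPED_NAME = "crrss.exe"
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample events; the "<time> <host> <kind> key=value" layout is an assumption.
SAMPLE_LOG = r"""
2012-02-21T09:14:03Z WS-014 conn dst=glsbid.com dport=8080
2012-02-21T09:14:09Z WS-014 conn dst=Cdn.PornGaz.com. dport=8080
2012-02-21T09:15:30Z WS-022 conn dst=notglsbid.com dport=8080
2012-02-21T09:17:45Z WS-014 proc image=C:\WINDOWS\system32\crrss.exe
2012-02-21T09:17:46Z WS-022 proc image=C:\WINDOWS\system32\csrss.exe
2012-02-21T09:20:00Z WS-031 conn dst=glsbid.com dport=443
""".strip().splitlines()

def normalize(host):
    return host.strip().rstrip(".").lower()  # case-insensitive, drop trailing root dot

def is_c2_host(host):
    # Match the domain itself or any subdomain, but not look-alike suffixes.
    h = normalize(host)
    return any(h == d or h.endswith("." + d) for d in C2_DOMAINS)

def scan(lines):
    """Return (host, indicator, detail) tuples for events matching the indicators."""
    hits = []
    for line in lines:
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # malformed line: skip instead of failing the whole scan
        _, host, kind, rest = parts
        if kind == "conn":
            fields = dict(FIELD_RE.findall(rest))
            dst = fields.get("dst", "")
            if is_c2_host(dst):
                tag = "c2-domain-port-8080" if fields.get("dport") == C2_PORT else "c2-domain-other-port"
                hits.append((host, tag, normalize(dst)))
        elif kind == "proc":
            image = rest.partition("image=")[2].strip()
            if ntpath.basename(image).lower() == DROPPED_NAME:
                hits.append((host, "dropped-file-name", image))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```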
