TSPY_GEDDEL.EVL

By JubileeX in Spyware

TSPY_GEDDEL.EVL is a spy Trojan (an information stealer) that is closely linked to the TROJ_MDROP.GDL dropper. TSPY_GEDDEL.EVL usually spreads through spam email, most recently through a malicious message claiming to contain an attachment with news about the Bo Xilai political scandal (a well-publicized story in Chinese politics). TSPY_GEDDEL.EVL is embedded in a fake DOC attachment that attempts to exploit CVE-2012-0158, a well-known vulnerability in Microsoft's Windows Common Controls (MSCOMCTL.OCX) reached through Office documents, which Microsoft patched in a critical security update (bulletin MS12-027, April 2012); a system with that update installed is not vulnerable to this attachment. The best ways to protect yourself from TSPY_GEDDEL.EVL are to keep Windows and Office patched, to avoid opening unsolicited email attachments, and to ensure that a strong spam filter screens your incoming email.

A TSPY_GEDDEL.EVL infection displays little to no symptoms on the victim's computer, which means that prevention is the best policy for this malware. TSPY_GEDDEL.EVL is designed to steal information related to bank accounts and other personal online accounts. Because of this, ESG security analysts consider that TSPY_GEDDEL.EVL poses a severe threat to your computer's security and to your privacy.

How Criminals Distribute TSPY_GEDDEL.EVL

Using the previously mentioned dropper Trojan, TSPY_GEDDEL.EVL is delivered inside a fake DOC file. In reality the attachment is a malformed file in RTF format that carries the exploit, and an executable embedded in that RTF contains the actual TSPY_GEDDEL.EVL Trojan. Opening the attachment displays a decoy document with some basic information about the Bo Xilai scandal while the TSPY_GEDDEL.EVL attack takes place in the background, so the victim sees no indication that anything is wrong. Even worse, TSPY_GEDDEL.EVL can remain on the victim's computer indefinitely without causing any symptoms or signs of infection.
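The two facts above (a .doc attachment whose content is really RTF, and an executable embedded inside that RTF) are exactly what a mail-gateway or incident responder can check for before anyone opens the file. The following Python is an added triage example, not code from the original page or from any vendor; it assumes two widely used heuristics that are not stated on the page: that Word accepts the truncated header `{\rt` as RTF, and that an embedded executable appears inside an `\objdata` destination as a hex-encoded blob containing the `MZ` header. The sample attachments are constructed here for demonstration.

```python
import re

# Magic values for the two container formats the page contrasts: a genuine binary
# Word .doc is an OLE2 Compound File, while RTF is plain text beginning with "{\rtf".
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
RTF_MAGIC = b"{\\rt"   # assumption: match the truncated "{\rt" header that Word also accepts

# \objdata destinations carry hex-encoded embedded objects; an executable shows up there
# as hex "4d5a" (the "MZ" header) somewhere inside the decoded bytes (heuristic).
OBJDATA_RE = re.compile(rb"\\objdata(?![A-Za-z])\s*([0-9A-Fa-f\s]*)")


def classify_container(data: bytes) -> str:
    """Return 'ole2', 'rtf' or 'unknown' based on the leading bytes, not the file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.lstrip()[:4].lower() == RTF_MAGIC:
        return "rtf"
    return "unknown"


def decode_objdata(data: bytes) -> list:
    """Decode every hex blob that follows an \\objdata control word."""
    blobs = []
    for m in OBJDATA_RE.finditer(data):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        hexstr = hexstr[: len(hexstr) - len(hexstr) % 2]   # drop a dangling nibble
        if hexstr:
            blobs.append(bytes.fromhex(hexstr.decode("ascii")))
    return blobs


def has_embedded_executable(data: bytes) -> bool:
    return any(b"MZ" in blob for blob in decode_objdata(data))


def triage_attachment(filename: str, data: bytes) -> dict:
    """Flag a .doc name over RTF content and an RTF carrying an executable object."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    container = classify_container(data)
    findings = []
    if ext == "doc" and container == "rtf":
        findings.append("extension/content mismatch: .doc name but RTF content")
    if container == "rtf" and has_embedded_executable(data):
        findings.append("RTF carries an embedded object with an MZ (executable) header")
    return {"file": filename, "extension": ext, "container": container,
            "findings": findings, "suspicious": bool(findings)}


# Constructed samples (not real malware): an RTF posing as .doc whose embedded object
# starts with a fake OLE header followed by "MZ", and a minimal genuine OLE2 document.
FAKE_PAYLOAD = b"\x01\x05\x00\x00\x02\x00\x00\x00" + b"MZ\x90\x00" + b"\x00" * 12
SAMPLE_RTF_AS_DOC = (
    b"{\\rtf1\\ansi Bo Xilai news decoy text\\par "
    b"{\\object\\objemb{\\*\\objdata " + FAKE_PAYLOAD.hex().encode("ascii") + b"}}}"
)
SAMPLE_REAL_DOC = OLE2_MAGIC + b"\x00" * 24

if __name__ == "__main__":
    for name, blob in (("bo_xilai_news.doc", SAMPLE_RTF_AS_DOC), ("report.doc", SAMPLE_REAL_DOC)):
        print(triage_attachment(name, blob))
```

The check deliberately trusts the bytes rather than the extension, which is the whole point of the disguise described above; a genuine OLE2 .doc produces no findings, while the RTF-in-.doc sample trips both rules.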

If you have received this malicious email message and viewed its contents, it is highly likely that your computer has been exposed to this threat. Because of this, ESG security researchers strongly recommend following any exposure to malicious spam email with a complete scan of your system with a dedicated anti-malware tool. It is very important never to open unsolicited email attachments. It is also important to recognize that criminals often use breaking news stories as lures, so any unsolicited email promising news updates should raise suspicion (even if it appears to come from a trusted news source).

File System Details

TSPY_GEDDEL.EVL may create the following file(s):
1. %System Root%\WINDOWS\fxsst.dll
2. %System Root%\Documents and Settings\All Users\Application Data\Windows NT\NtHelpKey.cfg
3. %System Root%\Documents and Settings\All Users\Application Data\Windows NT\NtHelpKey.sbr
4. %System Root%\Documents and Settings\All Users\Application Data\Windows NT\NtHelpIndex.sbr
5. %System Root%\Documents and Settings\All Users\Application Data\Windows NT\common.cfg
6. %System Root%\Documents and Settings\All Users\Application Data\Windows NT\Support\{numbers}.kb.
7. %System Root%\Documents and Settings\All Users\Application Data\Windows NT\NtHelpConfig.log

These paths follow the Windows XP folder layout; on Windows Vista and later, the All Users\Application Data folder corresponds to %ProgramData% (normally C:\ProgramData), so the same files would be expected under that folder instead.
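Templated indicator paths like the ones listed above cannot be compared to a host's file listing with plain string equality: the `%System Root%` placeholder, the `{numbers}` stem and the XP-versus-Vista folder layout all have to be normalized first. The following Python is an added example, not code from the original page or from any vendor, that turns each listed path into an anchored, case-insensitive regex and runs it over a file listing. It assumes the `{numbers}` placeholder means a purely numeric file stem, that `%System Root%` stands for a single path component such as the drive `C:`, and that the trailing period after `{numbers}.kb` in the list is punctuation; the file listing is constructed here and is not from a real host.

```python
import re

# Indicator paths as the report lists them, keeping its own placeholder conventions.
IOC_PATHS = [
    r"%System Root%\WINDOWS\fxsst.dll",
    r"%System Root%\Documents and Settings\All Users\Application Data\Windows NT\NtHelpKey.cfg",
    r"%System Root%\Documents and Settings\All Users\Application Data\Windows NT\NtHelpKey.sbr",
    r"%System Root%\Documents and Settings\All Users\Application Data\Windows NT\NtHelpIndex.sbr",
    r"%System Root%\Documents and Settings\All Users\Application Data\Windows NT\common.cfg",
    r"%System Root%\Documents and Settings\All Users\Application Data\Windows NT\Support\{numbers}.kb",
    r"%System Root%\Documents and Settings\All Users\Application Data\Windows NT\NtHelpConfig.log",
]

# Windows XP "All Users" application-data folder; from Vista onward the same well-known
# folder is %ProgramData% (C:\ProgramData), so both spellings are accepted when matching.
XP_ALLUSERS_APPDATA = r"Documents and Settings\All Users\Application Data"

TOKEN_RE = re.compile(
    r"(%[^%]+%|\{numbers\}|Documents and Settings\\All Users\\Application Data)"
)


def ioc_to_regex(ioc: str) -> re.Pattern:
    """Turn one templated indicator path into an anchored, case-insensitive regex."""
    pieces = []
    for part in TOKEN_RE.split(ioc):
        if not part:
            continue
        if part == "{numbers}":
            pieces.append(r"\d+")                       # assumption: purely numeric stem
        elif part.startswith("%") and part.endswith("%"):
            pieces.append(r"[^\\]*")                    # one path component, e.g. the drive "C:"
        elif part == XP_ALLUSERS_APPDATA:
            pieces.append("(?:%s|ProgramData)" % re.escape(part))
        else:
            pieces.append(re.escape(part))              # literal text, escaped
    return re.compile("^" + "".join(pieces) + "$", re.IGNORECASE)


def match_iocs(paths, iocs=IOC_PATHS):
    """Return (observed_path, indicator) pairs for every listed file matching an indicator."""
    compiled = [(ioc, ioc_to_regex(ioc)) for ioc in iocs]
    hits = []
    for path in paths:
        for ioc, rx in compiled:
            if rx.match(path):
                hits.append((path, ioc))
    return hits


# Constructed sample file listing (not from a real host) covering the edge cases:
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\fxsst.dll",     # Windows Fax DLL in its normal System32 location: not an indicator
    r"C:\WINDOWS\fxsst.dll",              # indicator 1
    r"C:\Documents and Settings\All Users\Application Data\Windows NT\nthelpkey.cfg",  # indicator 2, case differs
    r"C:\ProgramData\Windows NT\Support\1837264.kb",  # indicator 6 in the Vista+ folder layout
    r"C:\ProgramData\Windows NT\Support\readme.kb",   # stem is not numeric: no match
    r"C:\WINDOWS\fxsst.dll.bak",          # extra suffix: no match
]

if __name__ == "__main__":
    for path, ioc in match_iocs(SAMPLE_LISTING):
        print(f"HIT  {path}\n     matches {ioc}")
```

Note the first sample entry: fxsst.dll is a legitimate Windows Fax component that lives in System32, and that copy is not one of the indicators; the listed indicator is a copy sitting directly in the Windows folder, which is why the regexes are anchored to the whole path rather than to the file name alone.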