LTS Secure Warning: How to remove Trojan:W32/Injector

Trojan:Win32/Injector is a malicious program that is unable to spread on its own. It performs a number of actions of an attacker's choice on an affected computer. Injector malware most commonly (but not exclusively) arrives as Windows executable (EXE) or JavaScript files. As with any other malware, it may be delivered via spam email, exploit kits, or as part of the payload of other malware.

Injector trojans insert malicious code into processes running on a computer in order to perform various actions, such as downloading additional malware, interfering with web browsing activities, or monitoring the user’s actions.

Technical Details

When any program is launched on a device, it will create one or more processes in the device’s operating system to run its instructions. When malware ‘injects’ code into one of the program’s processes, the introduced code can force the program to behave unexpectedly.
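The most direct way to catch the behaviour described above on a Windows host is to watch for one process creating a thread inside another. The script below is an added example for this page, not code from LTS Secure, Fortinet or Microsoft: it triages records shaped like Sysmon Event ID 8 (CreateRemoteThread). The field names (SourceImage, TargetImage, StartModule, StartFunction) are Sysmon's; the four sample events, the benign-source list and the scoring weights are constructed for illustration and should be tuned to the environment.

```python
"""Added example: triage constructed Sysmon Event ID 8 (CreateRemoteThread)
records for signs of code injection. Not part of the original advisory."""
import re
from typing import Dict, List, Tuple

# Constructed sample events, reduced to the Sysmon fields the heuristics use.
# The second mimics the dropped-file path quoted later in the advisory.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "StartModule": r"C:\Windows\System32\ntdll.dll",
     "StartFunction": "RtlUserThreadStart"},
    {"SourceImage": r"C:\Users\victim\AppData\Roaming\jnobiba\871ed650acc0e9de80ed.exe",
     "TargetImage": r"C:\Windows\explorer.exe",
     "StartModule": "", "StartFunction": ""},
    {"SourceImage": r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
     "TargetImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll",
     "StartFunction": "LoadLibraryA"},
    {"SourceImage": r"C:\Program Files\ExampleAV\scanner.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe",
     "StartModule": r"C:\Windows\System32\ntdll.dll",
     "StartFunction": "RtlUserThreadStart"},
]

# Windows components that create remote threads as part of normal operation.
# Constructed allow-list: extend it from baseline data, not guesswork.
BENIGN_SOURCES = {"csrss.exe", "wininit.exe", "winlogon.exe", "services.exe"}

# Directories an ordinary user can write to; legitimate injectors rarely live there.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

# Thread entry points used by the classic LoadLibrary DLL-injection technique.
LOADLIBRARY = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}


def image_name(path: str) -> str:
    """Basename of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def triage_event(ev: Dict[str, str]) -> Dict[str, object]:
    """Score one CreateRemoteThread event: severity 0 (benign) to 3 (high)
    plus the reasons. Weights are an assumption for this example."""
    reasons: List[str] = []
    score = 0
    if image_name(ev["SourceImage"]) in BENIGN_SOURCES:
        return {"severity": 0, "reasons": reasons}
    # No backing module: the new thread starts in memory the injector wrote
    # itself (shellcode). A legitimate loader always starts in a mapped image.
    if not ev.get("StartModule"):
        reasons.append("thread start address not backed by a loaded module")
        score += 2
    if ev.get("StartFunction") in LOADLIBRARY:
        reasons.append("thread entry is LoadLibrary (DLL injection pattern)")
        score += 2
    if USER_WRITABLE.search(ev["SourceImage"]):
        reasons.append("injecting process runs from a user-writable directory")
        score += 1
    return {"severity": min(score, 3), "reasons": reasons}


def triage(events: List[Dict[str, str]]) -> List[Tuple[int, int, List[str]]]:
    """Return (event index, severity, reasons) for every event scoring above
    zero, highest severity first (stable, so input order breaks ties)."""
    hits = []
    for i, ev in enumerate(events):
        result = triage_event(ev)
        if result["severity"] > 0:
            hits.append((i, result["severity"], result["reasons"]))
    hits.sort(key=lambda h: -h[1])
    return hits


if __name__ == "__main__":
    for idx, sev, reasons in triage(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"[severity {sev}] {ev['SourceImage']} -> {ev['TargetImage']}")
        for reason in reasons:
            print("    -", reason)
```

On the constructed sample the csrss.exe and scanner.exe events score zero, while the two events whose source lives under a user profile score 3: one because its thread starts in unbacked memory, the other because it enters the target through LoadLibraryA. The unbacked-start rule is the one worth keeping even when the allow-list is noisy, since it does not depend on where the injector happens to be stored.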

When executed, Trojan:Win32/Injector copies itself to the following locations (the hexadecimal file names are specific to the sample described here and vary between variants):

<system folder>\445ee588acc0e9de1694.exe

c:\documents and settings\administrator\application data\jnobiba\871ed650acc0e9de80ed.exe

c:\documents and settings\administrator\local settings\temp\emppslffyg.pre

Every process belonging to Trojan:Win32/Injector is configured to start together with Windows. This is done by modifying the system registry. The registry is not the only thing modified: the Trojan also reconfigures the firewall settings and modifies the login settings. Once it is up and running, this intruder can download further infections onto the computer, including adware, worms, spyware and other malware, exposing the machine to further threats.
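The persistence described above leaves two things an administrator can check: the Run keys and the dropped files with random-looking names. The script below is an added example for this page (not LTS Secure's, Fortinet's or Microsoft's code): it parses text in the format printed by `reg query` for the Run keys, pulls the executable path out of each value, and scores entries that launch from user-writable directories, carry long hexadecimal file names, or match the file names listed in this advisory. The registry output, the `%windir%` expansion table and the scoring weights are constructed for the example.

```python
"""Added example: score autorun (Run key) entries for the persistence pattern
this advisory describes. Not part of the original page."""
import re
from typing import Dict, List, Tuple

# Constructed text in the layout `reg query <key>` prints. The second and
# fourth entries mimic the dropped-file paths quoted in the advisory.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    jnobiba    REG_SZ    C:\Documents and Settings\Administrator\Application Data\jnobiba\871ed650acc0e9de80ed.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    445ee588acc0e9de1694    REG_SZ    C:\WINDOWS\system32\445ee588acc0e9de1694.exe
"""

# File names the advisory lists for this sample; an exact match is high severity.
ADVISORY_IOCS = {"445ee588acc0e9de1694.exe", "871ed650acc0e9de80ed.exe", "emppslffyg.pre"}

# Constructed environment so REG_EXPAND_SZ data can be expanded offline.
FAKE_ENV = {"windir": r"C:\WINDOWS", "systemroot": r"C:\WINDOWS"}

ENTRY_RE = re.compile(r"^\s+(.+?)\s{2,}(REG_\w+)\s{2,}(.*)$")
USER_WRITABLE = re.compile(r"\\(AppData|Application Data|Temp|ProgramData)\\", re.I)
HEX_STEM = re.compile(r"^[0-9a-f]{16,}$", re.I)          # e.g. 445ee588acc0e9de1694
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|cmd|bat|vbs|js))(?:\s|$)", re.I)


def expand(data: str) -> str:
    """Replace %VAR% references using the constructed environment table."""
    return re.sub(r"%(\w+)%", lambda m: FAKE_ENV.get(m.group(1).lower(), m.group(0)), data)


def extract_image(data: str) -> str:
    """Executable path from a Run value: handles quoted paths with arguments,
    unquoted paths containing spaces, and %VAR% references."""
    data = expand(data.strip())
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = IMAGE_RE.match(data)
    return m.group(1) if m else data.split(" ", 1)[0]


def parse_reg_query(text: str) -> List[Dict[str, str]]:
    """Turn `reg query` output into one dict per value, tagged with its key."""
    entries, key = [], ""
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, vtype, data = m.groups()
            entries.append({"key": key, "name": name, "type": vtype,
                            "data": data, "image": extract_image(data)})
    return entries


def assess(entry: Dict[str, str]) -> Tuple[int, List[str]]:
    """Score one autorun entry: 0 = nothing notable, 3 = high. Weights are
    an assumption for this example; an IOC match alone is already high."""
    image = entry["image"]
    base = image.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    reasons, score = [], 0
    if base.lower() in ADVISORY_IOCS:
        reasons.append("file name matches an IOC from the advisory")
        score += 3
    if HEX_STEM.match(stem):
        reasons.append("random-looking hexadecimal file name")
        score += 2
    if USER_WRITABLE.search(image):
        reasons.append("launches from a user-writable directory")
        score += 1
    return min(score, 3), reasons


def find_suspicious_autoruns(text: str, threshold: int = 2) -> List[Dict[str, object]]:
    """Entries scoring at or above the threshold, with severity and reasons."""
    hits = []
    for entry in parse_reg_query(text):
        severity, reasons = assess(entry)
        if severity >= threshold:
            hits.append({**entry, "severity": severity, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_autoruns(SAMPLE_REG_OUTPUT):
        print(f"[severity {hit['severity']}] {hit['key']}\\{hit['name']} -> {hit['image']}")
        for reason in hit["reasons"]:
            print("    -", reason)
```

Note that OneDrive also launches from AppData, so "user-writable directory" alone scores only 1 and stays below the reporting threshold; the two advisory-style entries reach 3 because of the hexadecimal name and the IOC match. On a live host the text would come from `reg query` against both Run keys (and RunOnce, plus the per-user keys of every profile), and a hit is where to apply the advisory's next step: quarantine the file and restore from a clean backup.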

Impact

As there are many Injector malware families, the actions an Injector Trojan can take differ greatly depending on the specific variant. The following are a few of the most typical behaviors:

  • Corrupting the injected program's data.
  • Granting unauthorized access to data.
  • Crashing the program or causing a denial of service.
  • Monitoring or manipulating web browser activity.
  • Monitoring or manipulating user actions on the affected device.
  • Downloading additional programs or components onto the affected device.
  • Allowing a remote attacker to take complete control of the affected device.

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Microsoft has released a security advisory for Trojan:Win32/Injector.