
Trojan.Tatanarg

Posted: March 3, 2011

As an extremely sophisticated and nearly invisible PC threat, Trojan.Tatanarg can be difficult to detect and even more difficult to delete successfully. Trojan.Tatanarg targets online banking account-related information and uses various well-developed mechanisms to accomplish this without tipping the user off to the intrusion. If you perform any online banking activities, it's imperative that you keep your anti-malware programs updated and running at all times, since preventing Trojan.Tatanarg's initial infection may save you from having your entire bank account wiped out.

Trojan.Tatanarg is a Trojan that's Far From An Easy Target

Different versions of Trojan.Tatanarg have been in the wild for about a year, and its base code is theorized to have been developed from the malware known as W32.Spamuzle. This may make it a little easier for anti-malware programs to detect Trojan.Tatanarg before it can burrow too deeply into your computer, which is a fine thing, since its methods of concealing itself once it gets inside are quite advanced!

Infections of Trojan.Tatanarg will use a standard malware trick of corrupting the Windows registry to enable execution during startup and running in the background. You will not notice Trojan.Tatanarg if you hunt for it in your processes, however, because Trojan.Tatanarg uses rootkit techniques to hide its process from easy view.

Trojan.Tatanarg may be able to drop other malware onto your computer, including various encrypted Trojan modules, and is also capable of blocking access to security software, injecting malicious HTML code into harmless web pages and allowing remote attackers to access your system. Surprisingly, these things aren't even the worst attacks Trojan.Tatanarg is capable of; it has far worse things in store for anyone who uses online banking services.

Online Bankers, Meet Your Arch-Enemy

Seeing Trojan.Tatanarg pop up in the provided anti-virus scan results is the worst nightmare of anyone who does any banking activities online, because this Trojan's main purpose is to steal banking information. By hijacking SSL connections and creating new ones with certificates signed by itself, Trojan.Tatanarg can create a perfect proxy replica of a secure banking web page. Trojan.Tatanarg can even block system alerts about this activity and create appropriate security exceptions for itself!

Visually there are no distinguishing traits between a Trojan.Tatanarg proxy and the true bank website; even the padlock icon and HTTPS prefix are all used to keep up appearances. Yet instead of giving your information to a bank, you're giving it to Trojan.Tatanarg and the wily hacker behind it.

Manually looking at the issuer of the certificate may let you detect Trojan.Tatanarg's subtle insertion of itself between you and your bank. Anyone who uses banks online will definitely want to delete Trojan.Tatanarg wherever there's a hint of its presence, and if at all possible entirely avoid catching the Trojan infection!

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\Help\coredb\storage
    2 %UserProfile%\Application Data\Microsoft\Internet Explorer\report.exe
    3 %UserProfile%\Local Settings\Temp\mycom.crt
    4 %UserProfile%\Local Settings\Temp\report.dll
    5 %UserProfile%\Local Settings\Temp\worklog0
    6 %Windir%\system32\drivers\atmapi.sys

Registry Modifications

  • The following Registry values were newly created:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"c:\windows\explorer.exe" = "c:\windows\explorer.exe:*:Enabled:explorer"
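
A defender-side sweep for the file and registry indicators listed above, as an added example that is not part of the original page. It assumes the profile and Windows directories are passed in as paths (for instance from a read-only mounted disk image) and that the firewall value comes from an exported registry entry; the function names are hypothetical.

```python
from pathlib import Path

# File indicators exactly as listed on this page.
FILE_IOCS = [
    r"%UserProfile%\Application Data\Help\coredb\storage",
    r"%UserProfile%\Application Data\Microsoft\Internet Explorer\report.exe",
    r"%UserProfile%\Local Settings\Temp\mycom.crt",
    r"%UserProfile%\Local Settings\Temp\report.dll",
    r"%UserProfile%\Local Settings\Temp\worklog0",
    r"%Windir%\system32\drivers\atmapi.sys",
]
# Firewall exception data exactly as listed on this page.
FIREWALL_IOC = r"c:\windows\explorer.exe:*:Enabled:explorer"


def resolve_nocase(root, parts):
    """Walk parts below root, matching names case-insensitively as NTFS does."""
    current = Path(root)
    for part in parts:
        if not current.is_dir():
            return None
        current = next((c for c in current.iterdir()
                        if c.name.lower() == part.lower()), None)
        if current is None:
            return None
    return current


def find_file_iocs(user_profile, windir):
    """Return the listed indicators present under the two given directories."""
    roots = {"%userprofile%": user_profile, "%windir%": windir}
    hits = []
    for ioc in FILE_IOCS:
        var, *parts = ioc.split("\\")
        if resolve_nocase(roots[var.lower()], parts) is not None:
            hits.append(ioc)
    return hits


def matches_firewall_ioc(value_data):
    """Compare one AuthorizedApplications\\List value with the listed exception."""
    try:
        # Layout read off the page's value: path:scope:status:name.
        path, scope, status, _name = value_data.strip().strip('"').rsplit(":", 3)
    except ValueError:
        return False
    want_path, want_scope, want_status, _ = FIREWALL_IOC.rsplit(":", 3)
    return (path.lower(), scope, status.lower()) == (
        want_path, want_scope, want_status.lower())
```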
