Mousetrap Trojan
Posted: March 22, 2012
Threat Metric
The fields shown on the Threat Meter are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 316 |
| First Seen | March 22, 2012 |
| Last Seen | August 2, 2021 |
| OS(es) Affected | Windows |
The Mousetrap Trojan is a Trojan that's disguised as a fake Flash update and serves as one of multiple PC threats that are used to distribute multiple types of banker Trojans. Since Mousetrap Trojan is inserted into websites in the form of malicious Java applets, Mousetrap Trojan can be hosted on innocent websites that have been hacked, as well as by intentionally harmful sites. Symptoms of Mousetrap Trojan's actions are essentially nonexistent, since Mousetrap Trojan limits its attacks to installing a second Trojan that, in turn, installs a banking Trojan and then deletes itself. The banking Trojan is selected from one of a dozen hard-coded possibilities, but will always try to clandestinely steal bank-related information, such as your bank account password. SpywareRemove.com malware experts note the importance of avoiding suspicious Flash updates, since avoiding Mousetrap Trojan's delivery method is noticeably easier than deleting the banking Trojan that Mousetrap Trojan helps to install onto your PC. If you think you have been infected by a Mousetrap Trojan-related Trojan, it's recommended that you disinfect your PC with a qualified anti-malware program and speak to your bank about further security measures.
Mousetrap Trojan – Just the Humble Start of a Series of Disasters for Your PC's Privacy
The Mousetrap Trojan is distributed throughout various sites while being disguised to look like yet another Flash update from Adobe. However, the Mousetrap Trojan is actually written in Java and, hence, can be avoided completely if you disable Java or don't have it installed on your PC. SpywareRemove.com malware researchers note that selectively disabling Java is a feature of most popular web browsers and that many anti-malware programs possess additional features that can detect unauthorized downloads and malicious software like the Mousetrap Trojan.
If you try to install the Mousetrap Trojan's fake update, instead of getting a new version of Flash, you'll wind up with another Trojan. This Trojan downloader is designed to install one of multiple types of banking Trojans and then remove itself to avoid potential detection. SpywareRemove.com malware analysts have found that although the list of banking Trojans is hard-coded, these Trojans are able to update themselves from various servers and may not be detectable unless your anti-malware programs are, likewise, updated. Mousetrap Trojans are identified by the label Trojan.Downloader.Java.OpenConnection.BA, while the temporary Trojan bears the name Trojan.Generic.KD.218227.
Sparing Your Bank Account from the Sting of the Mousetrap Trojan
The eventual payload that Mousetrap Trojan is designed to sneak onto your computer involves attacks that can steal personal information directly from your bank account – this can include injecting spyware code into normal bank sites or redirecting you to phishing sites that are designed to resemble legitimate websites. Due to the negligible symptoms banking Trojans create, SpywareRemove.com malware experts suggest that you avoid entering personal information on your PC until you're certain that your anti-malware products have completely deleted all traces of the Mousetrap Trojan's banking Trojan.
After you've removed the Trojan in question, you may also want to contact your bank for further advice on how to protect your bank account. If any information is stolen from your PC prior to the Trojan's deletion, your account can still be targeted by attacks from Mousetrap Trojan's hacker partners.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

C:\Users\<username>\AppData\Roaming\37cd4b27d0fdba7a6001bd8c6f8cbd08bc0805a532e861be7aa3af288af0fc4b.js
File name: 37cd4b27d0fdba7a6001bd8c6f8cbd08bc0805a532e861be7aa3af288af0fc4b.js
Size: 106.64 KB (106643 bytes)
MD5: 0734d82c472d619bb304954fe29b569c
Detection count: 33
File type: JavaScript file
Mime Type: unknown/js
Path: C:\Users\<username>\AppData\Roaming
Group: Malware file
Last Updated: August 27, 2020

C:\Users\<username>\AppData\Roaming\LhBGYGWvRE.js
File name: LhBGYGWvRE.js
Size: 39.51 KB (39515 bytes)
MD5: 417966e39f3611d46c46b04e956a3ac0
Detection count: 21
File type: JavaScript file
Mime Type: unknown/js
Path: C:\Users\<username>\AppData\Roaming
Group: Malware file
Last Updated: June 26, 2019
Registry Modifications
Regexp file mask: %APPDATA%\kl-plugin.exe
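
A defender-side sweep for the indicators listed above, as an added example that is not part of the original page: it checks files directly inside a Roaming folder against the two MD5 values and three file names given here. The function and parameter names are hypothetical, and reporting any other .js file in the Roaming root is an added triage heuristic, not a claim from the page.

```python
import hashlib
import os
from pathlib import Path

# Indicators copied from this page's "Technical Details" section.
KNOWN_MD5 = {
    "0734d82c472d619bb304954fe29b569c",
    "417966e39f3611d46c46b04e956a3ac0",
}
KNOWN_NAMES = {  # compared case-insensitively, as Windows file names are
    "37cd4b27d0fdba7a6001bd8c6f8cbd08bc0805a532e861be7aa3af288af0fc4b.js",
    "lhbgygwvre.js",
    "kl-plugin.exe",
}

def md5_of(path, chunk=1 << 20):
    """Hash in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def sweep_roaming(roaming_dir, known_md5=KNOWN_MD5, known_names=KNOWN_NAMES):
    """Return {file name: [reasons]} for files directly inside roaming_dir."""
    findings = {}
    for entry in Path(roaming_dir).iterdir():
        if not entry.is_file():
            continue
        reasons = []
        if entry.name.lower() in known_names:
            reasons.append("name in indicator set")
        try:
            if md5_of(entry) in known_md5:
                reasons.append("md5 in indicator set")
        except OSError:
            pass  # locked or access denied: the name check above still applies
        # Assumption (triage heuristic, not from the page): script files do not
        # normally sit directly in the Roaming root, so any other .js is reported.
        if not reasons and entry.suffix.lower() == ".js":
            reasons.append("script in Roaming root (heuristic)")
        if reasons:
            findings[entry.name] = reasons
    return findings

if __name__ == "__main__":
    for name, why in sweep_roaming(os.environ.get("APPDATA", ".")).items():
        print(name, "->", ", ".join(why))
```

A name-only hit on a file whose hash differs is still worth reviewing, since the page notes that the installed Trojans can update themselves.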