
TROJ_ARTIEF.LWO

Posted: September 21, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 8
First Seen: September 21, 2012
OS(es) Affected: Windows

TROJ_ARTIEF.LWO is a malicious file attachment that's distributed in e-mail spam campaigns. After tricking its victims into launching it through typical social engineering cons, TROJ_ARTIEF.LWO installs the backdoor Trojan PlugX. PlugX includes multiple components with a number of features, such as keylogging, screen-capturing and the ability to alter your Registry. While the TROJ_ARTIEF.LWO attack is one of the most obvious methods by which PlugX is distributed, PlugX may also use other infection vectors. As for TROJ_ARTIEF.LWO, the simplest solution is to delete its e-mail messages without opening the accompanying attachments.

The Latest E-mail with a Trojan Just for You

TROJ_ARTIEF.LWO, while presented as a harmless text document, is actually a delivery vehicle for the PlugX Trojan – although TROJ_ARTIEF.LWO may also display a normal text document to distract you from its real payload. TROJ_ARTIEF.LWO is also detected under the aliases Exp/20103333-A and Exploit:Win32/CVE-2010-3333, which identify the specific type of Microsoft Office exploit that TROJ_ARTIEF.LWO uses to attack your PC. Because TROJ_ARTIEF.LWO reaches new PCs as an e-mail file attachment, SpywareRemove.com malware experts recommend that you be cautious about any unusual e-mails that encourage you to download an unfamiliar text file.

After you open TROJ_ARTIEF.LWO, it installs the first component of the PlugX Trojan: BKDR_PLUGX.SME, which proceeds to install three additional components. Not all of these files are overtly malicious, and SpywareRemove.com malware researchers encourage the use of anti-malware software for detecting and deleting all components of a PlugX infection. Once it's launched, PlugX also injects its code into the Windows process svchost.exe, which makes detection and removal of PlugX more difficult than it would be otherwise.

When Word Documents Become Interested in Everything That You Type

Even though TROJ_ARTIEF.LWO's part ends once PlugX is installed, various components of PlugX – including BKDR_PLUGX.BUT and BKDR_PLUGX.SME – will continue to attack your PC and grant criminals access to the system. Like many multicomponent Trojans, PlugX is modular, and the SpywareRemove.com malware research team has noted the following functions assigned to some of its most important modules:

  • The XPlugKeylogger and XPlugScreen modules include spyware features to steal information that's typed (via keylogging) or presented visually (via screenshots).
  • XPlugRegedit modifies the Registry, which can control various security features, enable programs to launch automatically or disable other programs. XPlugProcess can achieve similar results through control over your computer's memory processes.
  • Perhaps PlugX's most powerful module, XPlugDisk manages PlugX's control over files and folders in general. This includes deleting files, launching them, moving them and renaming them.

Naturally, given these attack capabilities, SpywareRemove.com malware researchers suggest that you remove PlugX as soon as you have access to a suitable anti-malware scanner. Related PC threats, such as TROJ_ARTIEF.LWO, should also be detected and removed in thorough system scans when necessary.

Technical Details

File System Modifications


The following files were created in the system:



  • File name: %User Temp%\dw20.exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
  • File name: %User Temp%\~WINWORD
    Group: Malware file