TROJ_ARTIEF.LWO
Posted: September 21, 2012
Threat Metric
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 8 |
| First Seen: | September 21, 2012 |
| OS(es) Affected: | Windows |
TROJ_ARTIEF.LWO is a malicious file attachment that's distributed in e-mail spamming campaigns. After tricking its victims into launching TROJ_ARTIEF.LWO through typical social engineering cons, TROJ_ARTIEF.LWO will install the backdoor Trojan PlugX. PlugX includes multiple components with a number of features, such as keylogging, screen-capturing and the ability to alter your Registry. While the TROJ_ARTIEF.LWO attack is one of the most obvious methods by which PlugX is distributed, PlugX may also use other infection vectors. As for TROJ_ARTIEF.LWO, the simplest solution is to delete TROJ_ARTIEF.LWO's e-mail messages without opening the accompanying attachments.
The Latest E-mail with a Trojan Just for You
TROJ_ARTIEF.LWO, while it's presented as a harmless text document, is actually a delivery vehicle for the PlugX Trojan – although TROJ_ARTIEF.LWO may also display a normal text document to distract you from its real payload. TROJ_ARTIEF.LWO is also detected under the aliases Exp/20103333-A and Exploit:Win32/CVE-2010-3333, which identify the specific type of Microsoft Office exploit that TROJ_ARTIEF.LWO uses to attack your PC. Because TROJ_ARTIEF.LWO reaches uninfected PCs as an e-mail file attachment, SpywareRemove.com malware experts recommend that you be cautious about any unusual e-mails that encourage you to download an unfamiliar text file.
After you open TROJ_ARTIEF.LWO, it installs the first component of the PlugX Trojan: BKDR_PLUGX.SME, which proceeds to install three additional components. Not all of these files are overtly malicious, and SpywareRemove.com malware researchers encourage the use of anti-malware software for detecting and deleting all components of a PlugX infection. Once it's launched, PlugX also injects its code into the Windows process svchost.exe, which makes detection and removal of PlugX more difficult than it would be otherwise.
When Word Documents Become Interested in Everything That You Type
Even though TROJ_ARTIEF.LWO's part in the attack ends once PlugX is installed, various components of PlugX – including BKDR_PLUGX.BUT and BKDR_PLUGX.SME – will continue to attack your PC and grant criminals access to the system. Like many multicomponent Trojans, PlugX is modular, and the SpywareRemove.com malware research team has noted the following functions assigned to some of its most important modules:
- The XPlugKeylogger and XPlugScreen modules include spyware features to steal information that's typed (via keylogging) or presented visually (via screenshots).
- XPlugRegedit modifies the Registry, which can control various security features, enable programs to launch automatically or disable other programs. XPlugProcess can also perform similar functions through control over your computer's memory processes.
- Perhaps PlugX's most powerful module, XPlugDisk manages PlugX's control over files and folders in general. This includes deleting files, launching them, moving them and renaming them.
Naturally, given these attack capabilities, SpywareRemove.com malware researchers suggest that you remove PlugX as soon as you have access to a suitable anti-malware scanner. Related PC threats, such as TROJ_ARTIEF.LWO, should also be detected and removed in thorough system scans when necessary.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%User Temp%\dw20.exe
File name: %User Temp%\dw20.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%User Temp%\~WINWORD
File name: %User Temp%\~WINWORD
Group: Malware file
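A triage sweep for the two file names listed above, as an added example that is not part of the original page or of any vendor tool; the function name `sweep_temp_dirs`, the record fields and the use of the current user's temp directory for %User Temp% are assumptions. It records size, SHA-256 and whether the file starts with an executable header, so each hit can be handed to an anti-malware scanner or an analyst.

```python
import hashlib
import os
import tempfile

# File names the page lists under "File System Modifications" (%User Temp%).
INDICATOR_NAMES = {"dw20.exe", "~winword"}


def sweep_temp_dirs(temp_dirs):
    """Return one record per file whose name matches a listed indicator.

    Matching is case-insensitive because Windows file names are.
    Only the top level of each directory is checked, since the page
    lists the files directly under %User Temp%.
    """
    hits = []
    for directory in temp_dirs:
        try:
            entries = list(os.scandir(directory))
        except OSError:
            continue  # missing or unreadable profile: skip, do not abort
        for entry in entries:
            if entry.name.lower() not in INDICATOR_NAMES:
                continue
            if not entry.is_file(follow_symlinks=False):
                continue  # a directory or link with that name is not a hit
            with open(entry.path, "rb") as fh:
                data = fh.read()
            hits.append({
                "path": entry.path,
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                # "MZ" marks a DOS/PE executable header.
                "is_pe": data[:2] == b"MZ",
            })
    return sorted(hits, key=lambda h: h["path"].lower())


if __name__ == "__main__":
    # Assumption: %User Temp% is the temp directory of the user running this.
    for hit in sweep_temp_dirs([tempfile.gettempdir()]):
        print(hit)
```

A name match alone is a lead, not a verdict: confirm each hit with a full scan before deleting anything.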