
Trouble with Trojans

Common examples include trojanized mobile apps (usually spoofed versions of popular apps like Angry Birds and Bad Piggies) and even trojanized antivirus software (it pretends to be scanning your computer, and then suggests that you install a fake AV program to ‘fix’ some problems).

All versions of Avira’s security software detect Trojans, so you are safe. But because Trojan malware relies upon “social engineering” tactics, you should be aware of the types of Trojans that are at play. This month, Avira’s OASYS (Online Analysis System) found an increase in three particular Trojans:

Zbot Trojan

The Zeus Bot family is one of the most widely spread Trojans. It was one of the first Trojans to be sold as a framework via underground forums. By framework, we mean that the Trojan malware itself can be purchased on the black market and customized using configuration tools. The latest versions belong to the Gameover Zeus Botnet – which is used to steal massive amounts of online banking information, email and social network credentials, or just to infect other machines with Zeus or CryptoLocker. The main purpose of Zeus is to gather money through ransom activities or stolen online banking credentials.

Vundo Trojan

The Vundo Trojan family is most likely used to display advertisements for rogue and fake AV programs. To hide itself in your computer system, Vundo uses several tricks to disable local firewalls and anti-virus software, as well as to disable Windows updates. To have better control over what the user is doing, Vundo Trojans usually install a combination of “Browser Helper Objects” and “DLLs.” They are used to display advertisements in the browser as well as to initiate drive-by downloads.

Reveton Trojan

The Reveton Trojan family is typical ransomware based on the Citadel Trojan, which itself is based on the Zeus Trojan. Reveton’s payload is usually some sort of ransomware. In Germany they are called BKA Trojaner. They use official logos from law enforcement agencies to look legitimate. Such ransomware blocks access to the desktop by displaying an official-looking page which tells the user that their computer has been used for illegal activities such as downloading pirated software, child pornography, or copyright violations. Usually, payment through an anonymous prepaid cash service like Ukash or Paysafecard is demanded to unlock the PC.

How to Remove Trojans:

If you run Avira on all your devices, you should be safe. If you suspect a Trojan malware infection but you don’t know what brand of antivirus software is running on the computer, try using Avira’s free PC Cleaner to run a scan (it works with whatever existing antivirus software is there). If the computer won’t boot at all, you can use Avira’s free Rescue System to create an emergency boot disk.

If you need more help you might try visiting Avira Answers, which is an online community of helpful computer experts.

Be safe out there!


Avira, a company with over 100 million customers and more than 500 employees, is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.