TROJ_XORPE.JAN
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This Trojan is a module that belongs to a crimeware called "DLoader". While the said tool is primarily used to install malware to target systems, this module gives the crimeware additional functionality to steal sensitive information, such as FTP credentials and online poker accounts.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This Trojan arrives as a file that exports the functions of other malware/grayware. It may arrive bundled with malware packages as a malware component.
TECHNICAL DETAILS
Arrival Details
This Trojan arrives as a file that exports the functions of other malware/grayware.
It may arrive bundled with malware packages as a malware component.
NOTES:
Other Details
This is the Trend Micro detection for:
- modules related to a hacking tool called DLoader, a Web-based administration tool that allows cybercriminals to manage malware installed on their victim's machines. This module gives additional functionality to the tool, such as stealing FTP credentials and login information for popular online poker sites.
SOLUTION
Step 1
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Step 2
Scan your computer with your Trend Micro product to delete files detected as TROJ_XORPE.JAN . If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.