TR/ATRAPS.Gen2

TR/ATRAPS.Gen2 is a generic detection to identify several Trojan or malware that shares the same characteristics. This detection method was created to classify threats that originates from the same group or families. As for last update (July 12, 2012), this Trojan is involved in spreading a hack tool that will generate revenue to the attacker. The detection method is expected to enhance as the Trojan develops.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista/7

Characteristics
TR/ATRAPS.Gen2 is a heuristic detection. As such, payloads may vary from one infection to another. There are no typical visible symptoms for this Trojan. However, most antivirus software will display an alert when encountering the illicit actions perpetuated by this threat.

Member of this family of Trojans are made with diverse sets of payloads. Thus, each variant have unusual effect on the PC. Some of the common actions it may initiate towards the infected computer are as follows:

  • TR/ATRAPS.Gen2 targets computer that visits explicit and other compromised web sites.
  • The Trojan can steal sensitive information from the infected computer.
  • It can also deactivate various Windows functions such as Registry Editor, Task Manager, and Folder Options.
  • The Trojan may help propagate rogue security applications and other malicious software.
  • It may connect to a distant computer to download additional malware.

Distribution
This kind of Trojan basically spread through infected web sites. In most occasions, TR/ATRAPS.Gen2 pretends as a coder/decoder (codec) that can be found on explicit web sites. Using a highly developed method, it often conceals itself from antivirus application. It has a tendency to end process that belongs to antivirus and firewall application. Moreover, TR/ATRAPS.Gen2 will drop several harmful files under Windows folder. However, the Trojan was not designed to spread locally via network transmission. 

Update antivirus program can block and delete TR/ATRAPS.Gen2 before it can infect a computer. Image below is a proof that antivirus program with real-time protection can prevent Trojan from infecting a system.

TR/ATRAPS.Gen2 Detection

How to Remove TR/ATRAPS.Gen2

Automatic Removal Procedure

1.Temporarily Disable System Restore if you are using Windows XP. For Windows Vista/7 users, you may use System Restore to return Windows to a previous clean state. However, you must have a saved restore points to accomplish this. Otherwise, proceed with the removal process.

2. Open your antivirus application and update the virus definition file. This method ensures that your antivirus program can detect even newer variants of TR/ATRAPS.Gen2

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.

Rootkit Removal Procedure

TR/ATRAPS.Gen2

Anti-rootkit utility called TDSSKiller is a free tool from Kasperksy that neutralizes complicated malware which effectively hides its process, folders, files and registry entries.

1. Download TDSSKiller from this link. Save the file to your desktop.
2. Extract the contents using archiver applications.
3. Reboot the computer in Safe Mode to avoid TR/ATRAPS.Gen2 from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will now start in Safe Mode.

4. Locate and run the TDSSKiller.exe file.

5. On Object to Scan, please mark Services and drivers as well as Boot Sectors.
6. Click on Start Scan to begin scanning your system. This may take a while.
7. After the scan is finished, it will reboot the computer. That should complete the disinfection process.

Alternative Removal Method for TR/ATRAPS.Gen2

Option 1 : Use Windows System Restore to return Windows to previous state

If TR/ATRAPS.Gen2 enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before TR/ATRAPS.Gen2 infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

Option 2 : TR/ATRAPS.Gen2 manual uninstall guide

IMPORTANT! Manual removal of TR/ATRAPS.Gen2 requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to TR/ATRAPS.Gen2.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for TR/ATRAPS.Gen2 files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by TR/ATRAPS.Gen2.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders: