Trojan.Carberp

This page contains detailed analysis on Trojan.Carberp. To get rid of this Trojan, please use the removal guide below.

Trojan.Carberp is a computer Trojan horse designed to collect sensitive data from a compromised computer. Trojan.Carberp will open a backdoor port to allow a remote attacker to gain access and control the infected PC. Disabling installed anti-virus software is this Trojan’s extra payload.

Alias: Troj/Agent-OZL, TROJ_CARBERP.A

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista/7

Characteristics
Trojan.Carberp drops a number of files and conceals them on the system using rootkit technology. This rootkit is also responsible why some antivirus programs fail to detect the infection. Temporary files are also created by the threat that may contain Trojan as well as valid Microsoft DLL files.

Next, Trojan.Carberp opens a backdoor channel that lets the computer to link with a given domains. Through this connection, other harmful files can be planted on the compromised system that can consist of other threats like Trojan.KillAv, Infostealer, and malware.

Trojan.KillAV attempts to end security process that are identified to antivirus programs and firewall. This Trojan configures your system to let Trojan.Carberp do its tasks on the computer.

Infostealer Trojan is used to steal confidential data including user name and passwords for local and online accounts. It logs victim’s key strokes to gather this information.

Other malware can be a simple virus to a dangerous threat that can hamper PC’s operation. It can harm system files that can lead to system crashes or total disability of the computer.

Distribution
Trojan.Carberp spreads through a number of means commonly employs by other similar threats. Study on this threat reveals that malicious links will direct victims to Trojan download page to infect the PC. These links will reach user via spam email messages, instant messaging software and risky blog comments.

Trojan.Carberp detection

How to Remove Trojan.Carberp

Step 1 : Restart Windows in SafeMode with Networking

Starting Windows is Safe Mode only loads minimal sets of files and drivers. Most start-up malware and viruses don't run in this mode because Windows only loads basic components to initiate the system.

NOTE: You will need to PRINT or BOOKMARK this procedure, as we have to restart the computer during the removal process.

To start Windows in Safe Mode with Networking, please do the following:

1. Remove all media such as floppy drive, cd, dvd, and USB devices. Then, restart the computer.

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.
b) It will display the Advanced Boot Options menu. Select Safe Mode.

Start computer in Safe Mode using Windows 8
a) Before Windows begins to load, press Shift and F8 on your keyboard.
b) On Recovery interface, click on 'See advanced repair options'.
c) Next, click on Troubleshoot option.
d) Then, select Advanced options from the list.
e) Lastly, please choose Windows Startup Settings and click on Restart. When Windows restarts, you will be send to a familiar Advanced Boot Options screen.
f) Select Safe Mode from the selections menu.

Safe Mode

2. Once the computer boots into Safe Mode with Networking, please proceed with the steps below.

Step 2 : Scan the Computer with TDSSKiller to Remove Trojan.Carberp

Anti-rootkit utility called TDSSKiller is a free tool from Kasperksy that neutralizes complicated malware which effectively hides its process, folders, files and registry entries.

1. Download TDSSKiller and save the file on your desktop or any accessible spot.

Download TDSSKiller

2. Extract the contents of downloaded file (tdsskiller.zip) using archiver programs like Winzip or Winrar.
3. Locate the folder where you extracted tdsskiller.zip and double-click the file TDSSKiller.exe to launch the scanner.
4. Once TDSSKiller is open, please mark Services and drivers as well as Boot Sectors. Picking these options ensures that the program will inspect boot sector and system files that are infected with Trojan.Carberp. Please refer to attached image.

TDSSKiller

5. Click on Start Scan button to begin scanning your system. This may take a while. You need to complete this process to make sure that the program detects and delete all components of Trojan.Carberp.
6. When scan has finished, you may restart Windows normally. This part of the removal process using TDSSKiller is now complete.

Step 3: Run Another Scan with ZeroAccess Fix Tool

This additional step will guarantee that no more components of Trojan.Carberp are present inside the computer. If in case the first scan fails to catch all threats, running ZeroAccess Fix Tool ensures that all remaining Trojans, viruses, and malware will be deleted.

1. Download the file FixZeroAccess.exe from the provided link. Save the file to accessible location like Windows desktop. This is a free tool created by Symantec to remove variants of Zeroaccess Trojan.

Download ZeroAccess Fix Tool

2. Close all open programs.
3. Browse for the location of the file FixZeroAccess.exe. Double-click on the file to run it. If it prompts for a security warning and ask if you want to run the file, please choose Run.
4. It will open a Zero Access Fix Tool End User License Agreement (EULA). You must accept this license agreement in order to proceed with Trojan.Carberp removal. Please click I Accept.
5. Finally, it displays a message and prepares the computer to restart. Please click on Proceed.

Zeroaccess Fix Tool

6. When it shows a message about 'Restarting System' please click on OK button.
7. After restarting the computer, the tool will display information about identified threats. Continue running the tool by following the prompts.
8. When it reaches the final step, the tool will show the scan result containing deleted components of Trojan.Carberp. Your computer is now free from any harm.

Ways to Prevent Trojan.Carberp Infection

Here are some guidelines to help defend your computer from virus attack and malware activities. Being fully protected does not have to be expensive.

Install protection software to block Trojan.Carberp and other threats

Having an effective anti-malware program is the best way to guard your computer against malware and threats. Although full version of anti-malware will cost some penny to obtain, it is still worthy to buy one. With real-time scan, it will be safer for you to browse the web, download files, and do more things online.

Get Protection Software

Keep all programs up to date

It is important to download critical update for installed programs. Software updates includes patches for security flaw that may utilize by an attacker to enter the computer. This flaw may be taken advantage by Trojan.Carberp, viruses, and malware to attack the computer. Crucial programs to watch for updates are MS Windows, MS Office, Adobe Flash, Adobe Acrobat, and Java Runtime.

Activate security features of your Internet browser

SmartScreen Filter, Phishing and Malware Protection, and Block Attack Sites are the respective security features of Internet Explorer, Google Chrome, and Mozilla Firefox. Although, it may not fully guard your computer from online attack, at least it can lessen the risk. Enabling these features also helps to secure your private data and avoid identity theft.

Be a responsible Internet user

Antivirus programs and security features of Internet browser facilitates real-time protection and monitors harmful activities online. However, it tends to malfunction for some reasons. Thus, you do not have to be fully dependent on these tools. It is always best to practice safety measures when using the Internet.