Trojan.Loopas.B is a computer Trojan that arrives as a malicious Excel file. It tries to exploit the Microsoft Excel 'FEATHEADER' Record Remote Code Execution Vulnerability in order to gain access to the target computer. Trojan.Loopas.B opens a backdoor on the infected computer and steals sensitive information, which it sends to a remote attacker on a scheduled basis.
Once Trojan.Loopas.B is executed on the PC, it creates a number of files inside the Windows folder. These files are %System%\wuauclt1.dll and %Temp%\(Random Characters).tmp. Next, it forces the system to load the main Trojan file by infecting a legitimate Windows DLL file called wuaueng.dll.
Once the Trojan is loaded, it will monitor system activities and steal the following information:
- IP Address of the computer and other network data
- Active connection port
- Computer name, user name and passwords saved on the infected unit
- Program files presently installed on the PC
- Version of the operating system
Once it finishes collecting the information listed above, it sends this data to a remote server, depending on the configuration settings. The Trojan may transmit the file using email or File Transfer Protocol (FTP). It may also stop the service "wuauserv" and load a malicious replacement in order to load the Trojan.
Opening a backdoor is the least of Trojan.Loopas.B's functions. Through this connection, the Trojan allows a remote attacker to download, upload, and execute files on an infected computer.
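A read-only triage check for the artifacts described above, added here as an example that is not part of the original write-up. The function name Get-LoopasTriage is hypothetical, and the ServiceDll registry value it reads is the standard layout for svchost-hosted services, assumed here rather than stated on this page.

```powershell
# Added example: read-only triage for the artifacts this write-up names.
# Get-LoopasTriage is a hypothetical name; nothing on the host is modified.
# Requires PowerShell 4.0 or later (Get-FileHash).
function Get-LoopasTriage {
    param([string]$SystemDir = [Environment]::SystemDirectory)

    $engine = Join-Path $SystemDir 'wuaueng.dll'

    # 1. Dropped file named on the page: %System%\wuauclt1.dll
    $dropped = Join-Path $SystemDir 'wuauclt1.dll'
    if (Test-Path -LiteralPath $dropped) {
        $f = Get-Item -LiteralPath $dropped -Force
        [pscustomobject]@{ Check = 'DroppedFile'; Suspicious = $true
            Detail = "$dropped present, created $($f.CreationTimeUtc.ToString('u'))" }
    } else {
        [pscustomobject]@{ Check = 'DroppedFile'; Suspicious = $false
            Detail = "$dropped not found" }
    }

    # 2. wuaueng.dll is the file the Trojan infects: report signature and hash.
    #    System files can be catalog-signed, which older PowerShell versions do
    #    not check, so a non-Valid status is a prompt to compare the hash with a
    #    known-good copy from the same OS build, not proof of infection.
    if (Test-Path -LiteralPath $engine) {
        $sig  = Get-AuthenticodeSignature -FilePath $engine
        $hash = (Get-FileHash -LiteralPath $engine -Algorithm SHA256).Hash
        [pscustomobject]@{ Check = 'EngineDll'; Suspicious = ($sig.Status -ne 'Valid')
            Detail = "signature=$($sig.Status) sha256=$hash" }
    }

    # 3. The page says a malicious replacement may be loaded for wuauserv.
    #    Assumption: the service DLL is configured in Parameters\ServiceDll.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters'
    $raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
    if ($raw) {
        $dll = [Environment]::ExpandEnvironmentVariables($raw)
        [pscustomobject]@{ Check = 'ServiceDll'; Suspicious = ($dll -ne $engine)
            Detail = "ServiceDll=$dll" }
    }

    # 4. Service state, informational only: the Trojan may stop wuauserv.
    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if ($svc) {
        [pscustomobject]@{ Check = 'ServiceState'; Suspicious = $false
            Detail = "wuauserv is $($svc.Status)" }
    }
}

Get-LoopasTriage | Format-Table -AutoSize -Wrap
```

Rows marked Suspicious are leads to confirm with the full scan in the removal steps, not a verdict on their own.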
Damage Level: Low
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of Trojan.Loopas.B
1. If using Windows Me/XP, System Restore must be disabled to prevent the threat from restoring itself.
2. Database, pattern and definition files of installed antivirus programs must be updated.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected files.
5. Restart Windows in normal mode.
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.
Online Virus Scanner:
It is best to run a separate scan using a free Online Virus Scanner. It can be used without the need to install an additional antivirus application.