Trojan.Spamship

Updated: March 20, 2013 Trojan 0 Comment

Trojan.Spamship is a Trojan horse that was created specifically to send spam email messages. If executed, Trojan.Spamship will modify system registry and add itself as a system service to run itself automatically when Windows is started. The spam email will have an infected attachment that was identified as Trojan.Swifi that will attempt to exploit certain Adobe Flash Player and Adobe Acrobat vulnerability to further infect the computer.

Technical Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Trojan.Spamship:

1. Temporarily Disable System Restore.
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected files.
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart Windows.

Online Virus Scanner:
Another way to remove a virus without the need to install additional anti-virus application is to perform a thorough scan with free Online Virus Scanner that can be found here or on websites of legitimate anti-virus and security provider.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- Access specified location on the Internet.
- Connects to specified SMTP server to send phishing spam.
- It will disguise as an email from Chase Paymentech Team

Malicious Files Added by Trojan.Spamship:
%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeTM4\”DisplayName” = “AdobeTM4″
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeTM4\”ImagePath” = “%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe”