Trojan.Spamship is a Trojan horse created specifically to send spam email messages. When executed, Trojan.Spamship modifies the system registry and adds itself as a system service so that it runs automatically when Windows starts. The spam email carries an infected attachment, identified as Trojan.Swifi, that attempts to exploit certain Adobe Flash Player and Adobe Acrobat vulnerabilities to further infect the computer.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of Trojan.Spamship:
1. Temporarily Disable System Restore.
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected files.
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart Windows.
Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, which can be found here or on the websites of legitimate anti-virus and security providers.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- Accesses a specified location on the Internet.
- Connects to a specified SMTP server to send phishing spam.
- Disguises its messages as email from the Chase Paymentech Team.
Malicious Files Added by Trojan.Spamship:
%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeTM4\"DisplayName" = "AdobeTM4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeTM4\"ImagePath" = "%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe"
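One way to carry out step 5 against the service entry listed above, as an added example that is not part of the original write-up. It assumes PowerShell 4 or later run as administrator; the `-Remove` switch and the backup location under `%TEMP%` are choices made for this example.

```powershell
# Added example, not from the original page. Run from an elevated prompt.
# Read-only by default; -Remove is a switch defined by this example.
param([switch]$Remove)

$serviceName = 'AdobeTM4'   # service key name listed in the entries above
$keyPath     = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"

if (-not (Test-Path -LiteralPath $keyPath)) {
    Write-Output "No '$serviceName' service key found."
    return
}

$props     = Get-ItemProperty -LiteralPath $keyPath
$imagePath = [string]$props.ImagePath

# ImagePath may be quoted and may carry arguments; take the quoted part if present.
if ($imagePath -match '^\s*"([^"]+)"') { $exe = $Matches[1] } else { $exe = $imagePath.Trim() }
$exe = [Environment]::ExpandEnvironmentVariables($exe)

# Collect what an analyst needs to decide whether the service is the threat.
$report = [pscustomobject]@{
    Key         = $keyPath
    DisplayName = $props.DisplayName
    ImagePath   = $imagePath
    FileExists  = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
    Signature   = $null
    SHA256      = $null
}
if ($report.FileExists) {
    $report.Signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status
    $report.SHA256    = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
}
$report | Format-List

if ($Remove) {
    Stop-Service -Name $serviceName -Force -ErrorAction SilentlyContinue
    # Keep a copy of the key for the incident record before deleting it.
    $backup = Join-Path $env:TEMP "$serviceName.reg"
    reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$serviceName" $backup /y | Out-Null
    Remove-Item -LiteralPath $keyPath -Recurse -Force
    Write-Output "Service key removed (backup: $backup). Restart Windows to finish."
}
```

The script leaves the executable itself to the scanner in step 4; it only reports on the file and removes the service registration.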
Alternative Removal Method for Trojan.Spamship
Option 1: Use Windows System Restore to return Windows to a previous state
If Trojan.Spamship enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Trojan.Spamship infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. To proceed with Windows System Restore, click here to see the full procedure.