Trojan.Stylz
If you receive a Facebook messages or post about “Dad catches daughters on webcam (OMGGGG),” do not click on it. It will redirect your Internet browser to a harmful web site.
Trojan.Stylz is a computer infection that usually spread via FaceBook messages and posts. The Trojan will be able to log victims HTTP connection to a remote server and displays excessive advertisements. It aims to redirect users Internet browser to a malicious web sites that will provide fake video codec in order for visitors to view online video.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
If Trojan.Stylz is executed, it will create a “ProfileStylez” under Program Files folder. Next, the Trojan will record HTTP connections to a remote computer. Then, it will receive JavaScript file intended to display advertisement while victim is browsing the web. If Trojan.Stylz sense that user is logon to Facebook, it will post malicious links that points to a location of the harmful code. However, the account owner does not know this action.
Distribution
Trojan.Stylz spreads via Facebook messages and posts. It was found out that the message bears an intriguing title such as “Dad catches daughters on webcam (OMGGGG).” If Facebook user happens to click this post, it will redirect the current page to a fake video web site. Before visitors can play the video, the web site will display an error and state that a plug-in is needed. If you proceed, it will download and install the Trojan on computer and execute the same tasks to infect other Facebook users.
Here is the screenshot image of the fake video web site.
C:\Program Files\ProfileStylez\ProfileStylez.dll freecodec.exe pssetup.exe
How to Remove Trojan.Stylz
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To identify even the most recent variant of Trojan.Stylz, open your antivirus application and update the virus definitions.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- System will boot Windows loading only necessary drivers and system files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete please proceed with the next step.
Scan with McAfee Stinger:
Stinger is a portable security tool that can detect and remove particular viruses. It utilizes a highly developed scan engine technology that includes process scanning and scan function optimization.
5. Go to McAfee Labs Stinger web page and download the tool. Save it to your desktop.
6. Once the download completes, double click on the file to run the program.
7. The Stinger main program will open.
8. Default directory to scan is the system drive (C:\). You may add additional drives to scan by clicking on Add button.
9. Click on Scan Now button to begin scanning assigned drives.
10. Stinger will now scan and repair/delete all infected files.
11. When done, you may now close McAfee Stinger and restart Windows in normal mode.