

TrojanDownloader:Win32/Recslurp.B Removal Manual

TrojanDownloader:Win32/Recslurp.B is a backdoor Trojan that can install other, potentially unwanted software on the compromised machine without the user’s consent. The threat is capable of opening a backdoor on the affected computer and giving cyber crooks remote access to the PC.

TrojanDownloader:Win32/Recslurp.B is also detected as Trojan/Win32.Snocry (AhnLab), W32/Trojan.CAUQ-7382 (Command), Trojan-Ransom.Win32.Snocry.az (Kaspersky), BackDoor.Siggen.58526 (Dr.Web), Win32/Agent.QKJ trojan (ESET), and TROJ_CRYPTED.BLO (Trend Micro).


How Is TrojanDownloader:Win32/Recslurp.B Distributed?

Threats like TrojanDownloader:Win32/Recslurp.B are usually distributed as an attachment file to a spam email message. In most cases, malicious emails claim to be sent from financial institutions or other legitimate companies.

Trojans can also enter your system via corrupt web pages and through drive-by-downloads.

How Does TrojanDownloader:Win32/Recslurp.B Behave?

Once installed, TrojanDownloader:Win32/Recslurp.B is known to replicate itself and replace the following files:

  • %SystemRoot%\svchost.exe
  • %SystemRoot%\csrss.exe
  • %SystemRoot%\rundll32.exe

In case the threat is not capable of replacing the above-mentioned files, it creates the files listed below:

  • %APPDATA%\csrss.exe
  • %APPDATA%\svchost.exe
  • %APPDATA%\rundll32.exe

Microsoft experts report that TrojanDownloader:Win32/Recslurp.B modifies the registry so that the threat is activated at every system start-up.

Sets value: “Client Server Runtime Process”
With data: “%APPDATA%\csrss.exe”
In subkey: HKCU\software\microsoft\windows\currentversion\run

Sets value: “Service Host Process for Windows”
With data: “%APPDATA%\svchost.exe”
In subkey: HKCU\software\microsoft\windows\currentversion\run

Sets value: “Host-process Windows (Rundll32.exe)”
With data: “%APPDATA%\rundll32.exe”
In subkey: HKCU\software\microsoft\windows\currentversion\run
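
The Run-key entries above can be checked for in saved `reg query` output. The following is an added example, not part of the original article: it flags the value names listed above and, more generally, any Run entry that starts csrss.exe, svchost.exe or rundll32.exe from outside the system folder. The sample output, the user name and the trusted folder list are assumptions for a default Windows install.

```python
import re
from ntpath import basename, dirname, normcase

# Run-key value names and file names taken from the article above.
PAGE_VALUE_NAMES = {"client server runtime process",
                    "service host process for windows",
                    "host-process windows (rundll32.exe)"}
SYSTEM_BINARIES = {"csrss.exe", "svchost.exe", "rundll32.exe"}
# Assumption: default install; genuine copies are launched from these folders.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64",
                r"%systemroot%\system32", r"%windir%\system32"}

LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
EXE = re.compile(r'^\s*"?(.+?\.exe)"?(?:\s|$)', re.IGNORECASE)

# Constructed sample of `reg query` output for the HKCU Run key (not real data).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Client Server Runtime Process    REG_SZ    %APPDATA%\csrss.exe
    Updater    REG_SZ    C:\Users\bob\AppData\Roaming\svchost.exe
    CtlPanel    REG_SZ    C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL
"""


def parse_run_values(reg_output):
    """Yield (value name, data) pairs from `reg query` text output."""
    for line in reg_output.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group(1), m.group(3)


def suspicious_run_entries(reg_output):
    """Return Run entries launching a system-named binary from an untrusted folder."""
    hits = []
    for name, data in parse_run_values(reg_output):
        m = EXE.match(data)  # executable path, with or without quotes/arguments
        if not m:
            continue
        exe = normcase(m.group(1))
        if basename(exe) in SYSTEM_BINARIES and dirname(exe) not in TRUSTED_DIRS:
            listed = name.lower() in PAGE_VALUE_NAMES
            hits.append((name, data, "listed value name" if listed else "system name, wrong path"))
    return hits


if __name__ == "__main__":
    for hit in suspicious_run_entries(SAMPLE):
        print(hit)
```
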

TrojanDownloader:Win32/Recslurp.B can also create the following mutexes:

  • Global\{70D4DFB2-5794-165E-E23A-6CD80ED72355}
  • Local\{807B5984-D1A2-E6F1-E23A-6CD80ED72355}

Is TrojanDownloader:Win32/Recslurp.B Dangerous?

The threat is able to download unwanted software or other malware onto the compromised machine. Experts have observed TrojanDownloader:Win32/Recslurp.B connecting to these remote hosts:

  • smtp.gmail.com
  • plus.smtp.mail.yahoo.com

To check for an Internet connection, TrojanDownloader:Win32/Recslurp.B is known to use port 25. As the Trojan connects to the C&C server, it may perform any or all of the following tasks: download and run files, receive instructions from the attackers, upload data from the compromised PC, receive configuration data, and others.

How to Remove TrojanDownloader:Win32/Recslurp.B from Your Computer?

Trojans can be tricky to spot, so malware researchers recommend running a full system scan and then removing any detected threats. Users are advised to install a trusted anti-spyware solution in Safe Mode because some Trojans can disable the AV tools that are already active on the affected computer. Follow the steps below to delete TrojanDownloader:Win32/Recslurp.B and similar threats from your PC permanently.

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.

1. Start Your PC in Safe Mode to Remove TrojanDownloader:Win32/Recslurp.B
2. Remove TrojanDownloader:Win32/Recslurp.B automatically with Spy Hunter Malware - Removal Tool.

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming of a more secure cyber space.
