This article aims to explain what Is the Trojan.Floxif infecton which is spread via CCleaner and how to remove Floxif malware from your computer.
A scandalous infection has been detected by malware researchers which infects computers directly via the CCleaner 5.33.6162 version of the program. The hackers managed to slither the Trojan.Floxif infection which drops a file on the computer and begins to perform a variety of malicious activities which are the last thing you want on your computer. Besides being a Keylogger, the Trojan may also steal your login details, financial information and even download and install other malware such as ransomware, for example, which locks your documents and holds them hostage for a ransom payoff.
If your computer has CCleaner installed on it, it is advisable to immediately remove it and read the following article to learn how to detect and remove the CCleaner Trojan.Floxif from your computer effectively.
|Short Description||Infects your computer via the CCLeaner installer and downloads it’s payload. Classic Trojan Horse behavior.|
|Symptoms||No symptoms since the threat is well-concealed via obfuscators and other software. Can be found only by having the “Agomo” sub-key in the Windows Registry Editor.|
|Distribution Method||Spam Emails, Email Attachments, Executable files|
|Detection Tool|| See If Your System Has Been Affected by CCleaner Trojan.Floxif |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss CCleaner Trojan.Floxif.|
CCleaner Trojan.Floxif – How Did I Get Infected
The bad news is that if you have downloaded the affected versions of either CCleaner (5.33.6162) or CCleaner Cloud (1.07.3191) has already been infected by the threat. The infection is conducted via the Trojan.Floxif infector which has been slithered by the hackers directly into those versions.
According to researchers the strongest indicator of having this malware on the computer is that upon infection it creates a Windows Registry Sub-key going by the name of “Agomo”. It is located in the following registry sub-key:
If you have this registry key existing on your computer, you should assume that your computer has been compromised by the Trojan.Floxif infection.
Trojan.Floxif – Activity Analysis
The Floxif Trojan is a malware that has several different versions. The activity of those versions, however is rather similar. When the Floxif trojan has been started, it immediately executes a script that drops a .dll file, named symsrv.dll. The file is about 67 kilobytes in size and has the following location:
→ C:\Program Files\Common Files\System\symsrv.dll
In order to execute the malicious file when Windows boots up, the virus may add the following registry entry in the “Windows” sub-key, located in HKEY_LOCAL_MACHINE’\SOFTWARE\Microsoft\Windows NT\CurrentVersion\:
→ “AppInit_DLLs” = “C:\Program Files\Common Files\System\symsrv.dll”
“LoadAppInit_DLLs” = 1
In addition to this, the Trojan.Floxif may also set the registry entries so that it remains hidden on your computer. To do this, it attacks the following Registry sub-keys:
In those keys, entries are created with the following values in them:
→ “ShowSuperHidden” = 0
“NoDriveTypeAutoRun” = 145
“Type” = “radio”
“SFCDisable” = 4294967197
Another activity which is performed by this virus is that it connects with the following Windows application programming interfaces (APIs):
→ CredReadW (advapi32.dll)
But this is not where the infection process ends, the Trojan.Floxif malware also tries to delete system files from Windows itself:
→ %Program Files%\Common Files\System\symsrv.dll.dat
The end goal of the Floxif malware is to steal information from your computer or install other malware on it. Besides collecting lists with programs installed on your PC, the network information from it and unique identifiers, the virus may also connect to a remote host and download malware. To store the stolen information, the Trojan.Floxif may create the following files:
→ %System Drive%\pagefile.pif
Of those files, it executes the update.exe file automatically.
How to Detect and Remove Trojan.Floxif
In order to remove Trojan.Floxif malware from your computer, it is strongly recommended to follow the manual or automatic removal steps below. They are specifically designed to help you isolate and delete this virus.
Be advised that since the Trojan.Floxif threat creates multiple objects on your computer and assumes partial control of it, it may be difficult to remove manually. This is why, experts strongly advise detecting and removing it automatically by installing and scanning your computer with an advanced anti-malware software. This will also make sure the threat is permanently gone and your system is protected against any future infections, like the CCleaner Floxif malware.