The Glasrats Trojan horse, also known as Backdoor.Glasrats, is reported to open a backdoor on a compromised computer. It is classified as a backdoor type of Trojan horse. The Glasrats Trojan may download potentially malicious files and may upload personal data to different remote locations. It can self-update and auto-start its processes. We recommend its immediate removal from the system.
| Short Description | The Trojan opens a backdoor. The backdoor can give a remote attacker unauthorized access to the computer. |
| Symptoms | Over the backdoor, potentially malicious files can be downloaded and sensitive information can be uploaded to a remote location. |
| Distribution Method | Targeted Attacks, Email Attachments, Suspicious Sites |
Glasrats Trojan – How Did I Get It?
There are a few ways you can get infected with the Glasrats Trojan horse. The most common one is installing it manually, when it poses as another program pretending to be useful. That way, without knowing it, you let the Trojan onto your computer.
Another way to get infected is via browser exploits.
You might also have been infected in a targeted attack, by downloading an attachment from an email. Attached files used to spread threats such as the Glasrats Trojan usually have these extensions: .bat, .exe, .vbs, .pif, .scr.
Glasrats Trojan – More About It
According to Symantec researchers, once the Trojan is executed, it creates these files:
- %AllUsersProfile%\Application Data\update.dll
- %AllUsersProfile%\Application Data\updatef.dll
- %AllUsersProfile%\Application Data\net317rs.dll
- %AllUsersProfile%\Application Data\ovss725y.dll
After their creation, new registry entries will be added as well:
- HKEY_LOCAL_MACHINE\SYSTEM\Select\"Default" = "2"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\Parameters\"ServiceDll" = "[Malware Path]"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\"Start" = "2"
Those files allow the Glasrats Trojan to update itself. The registry entries make the malware's processes run automatically at each system start. Any Windows service can be given an "Automatic" start by setting its "Start" registry value to "2", as in the registry entries above.
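A triage check for the file and registry indicators listed above, as an added example that is not part of the original article: it parses saved `reg query` output and a file listing and reports any matches. The sample data is constructed, and the stock RasAuto `ServiceDll` value (`%SystemRoot%\System32\rasauto.dll`) is an assumption about a clean system.

```python
import re

# Indicators taken from the page (file names and registry values reported by Symantec).
IOC_FILES = {"update.dll", "updatef.dll", "net317rs.dll", "ovss725y.dll"}
RASAUTO = r"hkey_local_machine\system\currentcontrolset\services\rasauto"
# Assumption: on a clean system the RasAuto service DLL is rasauto.dll in System32.
STOCK_SERVICEDLL = r"%systemroot%\system32\rasauto.dll"

def parse_reg_query(text):
    """Parse `reg query` output into {(key, value_name): data}; names lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()
        elif key and line.startswith("    "):
            # Value lines look like: "    Name    REG_TYPE    Data"
            parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                values[(key, parts[0].lower())] = parts[2]
    return values

def find_glasrats_indicators(reg_text, file_paths):
    """Return a list of findings for the indicators listed on the page."""
    findings = []
    reg = parse_reg_query(reg_text)
    dll = reg.get((RASAUTO + r"\parameters", "servicedll"))
    if dll is not None and dll.lower() != STOCK_SERVICEDLL:
        findings.append(f"RasAuto ServiceDll replaced: {dll}")
    if reg.get((RASAUTO, "start")) == "0x2":
        findings.append("RasAuto Start = 2 (automatic)")
    for path in file_paths:
        folder, _, name = path.lower().rpartition("\\")
        if name in IOC_FILES and folder.endswith("application data"):
            findings.append(f"Dropped file present: {path}")
    return findings

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto
    Start    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\Documents and Settings\All Users\Application Data\net317rs.dll
"""
SAMPLE_FILES = [
    r"C:\Documents and Settings\All Users\Application Data\net317rs.dll",
    r"C:\Windows\System32\rasauto.dll",
]

if __name__ == "__main__":
    for finding in find_glasrats_indicators(SAMPLE_REG, SAMPLE_FILES):
        print(finding)
```

A replaced `ServiceDll` is the strongest of the three signals; an automatic `Start` value alone can also result from a legitimate administrative change.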
After these actions, the Trojan will open a backdoor, modify firewall settings, and connect remotely to the following locations:
Through that backdoor, Glasrats may perform a number of malicious actions. Such actions include:
- Sending system information (IP address, computer name and OS version);
- Downloading malware to the computer;
- Uploading files to the remote locations.
The Trojan may also execute files and commands and start an interactive command shell.
Remove Glasrats Trojan Completely
The Glasrats Trojan can spy on you, access various sensitive information on your computer and, over time, may infect you with different kinds of malware. It may track your personal information and send that data to cybercriminals, who can use it to profit.
To completely get rid of the Glasrats Trojan horse from your computer, carefully follow the step-by-step removal instructions provided below.