Trojan.Luminrat is a Trojan horse that can open a backdoor on an infected computer. It can also download other malicious files on your machine, modify various settings and steal personal information. It may steal email and FileZilla profile credentials as well.
|Type||Trojan Horse, Backdoor|
|Short Description||The Trojan’s purpose is to steal personal data and credentials and may infect a compromised system with other malware.|
|Symptoms||The Trojan may perform DDoS attacks, disable Task Manager, open a command shell and change different computer settings.|
|Distribution Method||Targeted Attacks, Email Attachments|
|Affected Operating Systems||From Windows 95 to Windows 7, Windows Server 2008|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by Trojan.Luminrat|
|User Experience||Join our forum to discussTrojan.Luminrat.|
Trojan.Luminrat – How Did I Get It?
There are a number of ways you could get infected with the “Luminrat” Trojan horse. The most common distribution method is to install it manually as another program which is under the pretense that is useful. Thus, without knowing, you are getting the Trojan inserted into your system.
You might have been infected with the Trojan from a targeted attack by downloading an attachment from an electronic letter. Files that can be used to spread various threats such as the Luminrat Trojan, more often than not, have these extensions: .bat, .exe, .vbs, .pif, .scr and other executable ones. The Trojan usually hides in your system, by using names with different decimal numbers for its files. You could also get infected via some plugin, extension, popup banner, or a site with malware on it.
Trojan.Luminrat – More About It
Once executed, the Luminat Trojan creates folders in the System Drive, which have decimal numbers as names and the directory path looks something like this:
Then it inserts a clean file in its main directory, named “helper.exe”. After which, the following registry entries are created in the “HKEY_CURRENT_USER\Software\” key:
→•”Xmy8Wrx1nWVOj522YFIamQ==” = “[BASE64 DATA]”
→•”UeE/t8o052EAyeZxeEkWIg==” = “[BASE64 DATA]”
A backdoor is then opened on the affected computer, which opens a connection through TCP port 7189 and leads to the remote location “lumilogs.ddns.net”.
The Trojan can do a lot of actions on a compromised computer and change settings allowing access to microphones and cameras. It can record audio and webcam footage. It can perform TCP, UDP and Slowloris distributed denial-of-service (DDoS) attacks and open a proxy as well. All the personal data collected from the targeted machine can be sent to a remote location, including the above-mentioned audio and video recordings. On top of that, it may steal email and FileZilla account credentials.
It may also do the following tasks:
•Initiate a remote desktop
•Modify the hosts file
•Start a remote desktop connection
•Disable Windows Task Manager
•Open a command shell prompt
•Download malicious files
•Traverse files and folders
•Show a message box
This proves that the Luminrat Trojan has dangerous capabilities, including a two-way backdoor to a remote location selected by a cyber-criminal, who can steal very sensitive and personal information from the computer being targeted.
Remove Trojan.Luminrat Completely
This Trojan can spy on you, access different sensitive information and over time, infect you with different kinds of malware. It may track your personal information and send that data to the hackers that created it, which can aid them to profit from it. In order to completely get rid of the Luminrat Trojan horse from your computer, carefully follow the step-by-step removal guide provided down below!