
Remove TrojanDropper:Win32/Sventore.A Completely

A new Trojan.Dropper has been detected by Microsoft's security software infecting user systems. Microsoft reports that the Trojan may download other malicious files onto the infected computer as well as upload files to the cyber-criminal who is controlling it. In addition, the Trojan may have the ability to modify digital certificates by validating them. Users who believe they have been infected by the threat are strongly advised to take precautions immediately.

Name: TrojanDropper:Win32/Sventore.A
Type: Trojan Horse
Short Description: The malicious Trojan may gain read and write permissions and connect to a remote host, after which it may download and upload information.
Symptoms: The user may witness a slow PC, system freezes, unrecognized processes and unfamiliar mutexes.
Distribution Method: Via malicious attachments or web links.
Detection Tool: Download Malware Removal Tool, to See If Your System Has Been Affected by TrojanDropper:Win32/Sventore.A
User Experience: Join our forum to discuss TrojanDropper:Win32/Sventore.A.


TrojanDropper:Win32/Sventore.A – How Is It Spread

One way this Trojan may infect a computer is via malicious e-mail attachments. Cyber-criminals use spam bots to spread fraudulent messages that may resemble those of a reputable service like Windows Update, Apple Support or others. The messages may contain malicious attachments that could be the payload of the Trojan. The attachment extensions may vary, for example:

.tmp; .exe; .dll; .bat; .docx; .pdf; where the document files may contain malicious macros.

TrojanDropper:Win32/Sventore.A – How Does It Work

According to a Microsoft security analysis by Jakub Kaminski, once the payload-carrying executable has been activated, it drops the following modules in new folders starting with “n” in %temp%. The files have been reported to be as follows:

\n1213\s1213.exe
\n227\s227.exe
\n1239\s1239.exe
\n3943\s3943.exe
\n5402\s5402.exe

NOTE: These files have the same name as their folder, only the first letter is changed from “n” to “s”.

After installing its modules, each of which may be preprogrammed to serve a different purpose, the malware gets down to business. It is reported to connect via port 80 to the following hosts:

b9d07.northstar.api.socdn.com
facd.northstar.api.socdn.com
fabe.northstar.api.socdn.com
d3c8.ultron.api.socdn.com
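The dropped-file naming rule and the host list above can be turned into a simple triage check. The following is an added example, not code from Microsoft's analysis or from this article's author; it generalizes the five listed files to any numeric suffix (an assumption), and the user name, timestamps and proxy log layout are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Hostnames listed in the article as contacted over port 80.
LISTED_HOSTS = {
    "b9d07.northstar.api.socdn.com", "facd.northstar.api.socdn.com",
    "fabe.northstar.api.socdn.com", "d3c8.ultron.api.socdn.com",
}
# Assumption: the shared suffix is decimal digits, as in the five listed files.
FOLDER = re.compile(r"^n(\d+)$", re.IGNORECASE)

def is_dropper_path(path, temp_dir):
    """True for <temp_dir>\\n<digits>\\s<same digits>.exe (case-insensitive)."""
    p = PureWindowsPath(path)
    if p.parent.parent != PureWindowsPath(temp_dir):
        return False
    m = FOLDER.match(p.parent.name)
    return bool(m) and p.name.lower() == f"s{m.group(1)}.exe"

def hosts_in_log(lines):
    """Return (line number, host) for each URL whose host is in LISTED_HOSTS."""
    hits = []
    for number, line in enumerate(lines, 1):
        for field in line.split():
            if "://" not in field:
                continue
            try:  # urlsplit lower-cases the host and drops any :port
                host = (urlsplit(field).hostname or "").rstrip(".")
            except ValueError:
                continue  # malformed URL field, nothing to match
            if host in LISTED_HOSTS:
                hits.append((number, host))
    return hits

# Constructed sample data (hypothetical user, timestamps and log layout).
TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_PATHS = [
    TEMP + r"\n1213\s1213.exe",                 # matches the naming rule
    TEMP + r"\n227\s1213.exe",                  # digits differ
    TEMP + r"\setup\s227.exe",                  # folder is not n<digits>
    r"C:\Users\alice\Documents\n227\s227.exe",  # not under %temp%
]
SAMPLE_LOG = [
    "2016-01-01T10:00:00Z 10.0.0.5 GET http://facd.northstar.api.socdn.com/ 200",
    "2016-01-01T10:00:02Z 10.0.0.5 GET http://example.com/index.html 200",
    "2016-01-01T10:00:05Z 10.0.0.7 GET http://D3C8.ultron.api.socdn.com.:80/a 200",
]
```

A path match is a lead for further inspection rather than a verdict, since legitimate installers can also unpack into numbered temp folders.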

After connecting to the remote host the malware may perform each and every one of these malicious deeds:

  • Obtain information about your internet connection and check if you are connected.
  • Notify the hacker controlling it that your device has been infected.
  • Download other files from its hosts to the victim's computer and run them as an administrator. These may be other malware such as CryptoWall Ransomware, KoobFace Worm, etc.
  • Get the system's configuration information and other info like IP addresses, physical location, etc.
  • Upload gathered information to the hacker's C&C (command and control) center.
  • Tamper with any electronic certificates installed on your computer.
  • Receive commands pre-set by the attacker.

The surprises from TrojanDropper:Win32/Sventore.A do not end here. The threat may also use its connection to the above-mentioned remote hosts, or connect to others, and send GET requests.

Furthermore, the cyber threat has been reported to create several mutex values on infected computers, like:

{8129d028-9d22-2203-1p21sk-0200e200e}
FP8BS3OD-2023-420d-Bw9b-1202102332
NetCfgWriteLock

These may uniquely identify the threat and prevent the same malware from being run twice on the affected computer.

Removing TrojanDropper:Win32/Sventore.A Completely

In order to be fully rid of this Trojan it is strongly advisable to take preventive measures. One way to do it is by following the removal manual after this article. It is also advisable to use an advanced anti-malware tool to scan your computer in safe mode. You should also back up your data before proceeding with any removals.

Here is how to remove TrojanDropper:Win32/Sventore.A Completely:

1. Boot Your PC In Safe Mode to isolate and remove TrojanDropper:Win32/Sventore.A
2. Remove TrojanDropper:Win32/Sventore.A with SpyHunter Anti-Malware Tool
3. Remove TrojanDropper:Win32/Sventore.A with Malwarebytes Anti-Malware.
4. Remove TrojanDropper:Win32/Sventore.A with STOPZilla AntiMalware
5. Back up your data to secure it against infections by TrojanDropper:Win32/Sventore.A in the future
NOTE! Important notice about the TrojanDropper:Win32/Sventore.A threat: Manual removal of TrojanDropper:Win32/Sventore.A requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
