Microsoft has reported a new spyware-type Trojan that infects user systems. The trojan is reported to create multiple files on an infected computer, each with a different function. The threat is primarily reported to steal sensitive user data, which is why it is important to scan your computer immediately using advanced anti-spyware software that will neutralize it; a tutorial for this follows the review.
|Type||Spyware type of Trojan Horse|
|Short Description||The trojan may perform various malicious activities with varying negative impact on the user. It is mainly created to steal essential information.|
|Symptoms||Users might experience a slow PC, and their firewall and antivirus may be shut down without any notification.|
|Distribution Method||Via spam mail, messages in online chats, comments on sites or even targeted attacks.|
TrojanSpy:Win32/Nivdort.CT – How Did I Get It
One way to become a victim of this trojan is by giving someone direct unauthorized access to your computer. Another distribution method this trojan uses is social media chats such as Facebook and other chat software like Skype. Furthermore, you may encounter malicious files or links attached to spam mail messages that claim to come from a legitimate service (PayPal, eBay, Amazon, BestBuy). The file extensions you should beware of are:
.exe, .dll, .bat, .tmp
TrojanSpy:Win32/Nivdort.CT – More About It
In one particular case reported by Microsoft, the trojan may create files in the %SystemRoot% and %temp% folders of your Windows installation, named the following way:
Further reports indicate that this spyware-type threat injects code directly into running processes in order to make the threat significantly more difficult to remove.
Regarding the payload of the trojan, its main purpose is to collect important information from the infected computer. Such information includes:
- Live spying on the keys you type.
- Monitoring of the programs you open.
- Live access to your browsing history.
- Collection of any entered credit card credentials.
- Theft of user names as well as passwords.
Furthermore, the Trojan may display a phishing site that looks like a legitimate one. This means that it may fake the web pages of Facebook, PayPal and other websites to collect the financial information or credentials you enter.
Given the abilities of this trojan, it may be devastating if the information falls into the wrong hands. The information may either be sold or used to steal funds from your account.
In addition, this trojan has features that enable it to change the settings of your system. It mainly focuses on changing the behavior settings, such as:
Microsoft has reported a number of domains that are associated with this Trojan and that it connects to via port 80.
After connecting to a remote host, this trojan may gain full access to your PC, including:
- Read and write permissions.
- Download files onto your hard drive.
- Receive configuration information.
- Receive other information about your system (location, certificates, etc.).
- Validate certificates.
Removing TrojanSpy:Win32/Nivdort.CT Completely
In order to remove TrojanSpy:Win32/Nivdort.CT fully, you must first isolate the threat. You can do this by stopping all third-party applications and booting into Safe Mode with Networking. However, such Trojans always change registry settings and other system properties, which may be challenging to get rid of. This is why you should follow the step-by-step manual below in order to successfully get rid of the spyware and any other malware it may have downloaded onto your PC.