Win32:Atraps-PZ[Trojan] is a Trojan horse that was discovered a couple of years ago. However, new attacks initiated by the Trojan have been just detected in the wild.
|Type||Trojan Horse, Worm|
|Short Description||The threat may create a shortcut of a file and then hide it.|
|Symptoms||Alerts by the AV software, is such is present on the system.|
|Distribution Method||Infected external memory devices, torrent clients, pirated software, spam, zero-day vulnerabilities.|
|Detection tool||Download Malware Removal Tool, to See If Your System Has Been Affected By Win32:Atraps-PZ[Trojan]|
Win32:Atraps-PZ[Trojan] Threat Description. Similarities with Other Malware
Some users may refer to the threat as a shortcut virus. Win32:Atraps-PZ[Trojan] has been reported to create a shortcut of a file and then hide it.
According to research, Win32:Atraps-PZ[Trojan] may come from the family of the TR/ATRAPS.Gen2 virus. The virus itself is closely related to the ZeroAccess rootkit. Since Trojan horses can be employed as backdoors or malware droppers, there is a possibility that Win32:Atraps-PZ[Trojan] has been used to spread the virus. However, more information is needed to confirm that. One way to know that your system has been affected by a malicious threat from the Atraps family is if you have witnessed the following alert:
→“Access to file containing the virus or unwanted program ‘TR/ATRAPS.Gen2’ was blocked”
Users should keep in mind that malware from the Atraps family has been circulating for several years. It’s only logical that the threats have many new and updated variants, with multiple functionality modifications to improve the persistence of the infection.
TR/ATRAPS.Gen2 has been reported to have kernel-mode rootkit capabilities. It can hide itself on the targeted machine, be it 32 or 64-bit. It also has aggressive self-defense capabilities. Overall, the threat has been identified as quite malicious and sophisticated.
It seems that Win32:Atraps-PZ[Trojan] is a variant of the malware family that has been written especially for 32-bit Windows. Now, let’s see how the threat is distributed.
Win32:Atraps-PZ[Trojan] Distribution Technique
Malware classified as a Trojan horse, virus or rootkit is primarily distributed through:
- Infected external memory devices – USB drives, CDs, etc.
- P2P networks and file sharing – such as torrents.
- Spam emails and corrupted email attachments.
- Zero-day vulnerabilities.
In particular, Trojans and viruses seem to prefer being spread via exploit kits and programs that are associated with software-piracy – keygens and cracks mostly. In that sense, users who tend to use such pieces of counterfeit software are more endangered. However, any machine that doesn’t support one or more AV solutions is at risk of a malicious intrusion.
In addition, Trojans such as Win32:Atraps-PZ[Trojan] may be dropped or installed by other malicious software. The vice versa scenario is also probable – Trojans may be employed to spread adware and potentially unwanted program. The end goal of the whole procedure of infection may be to carry out click fraud and generate income for the botnet authors.
Here is a list of possible Win32:Atraps-PZ[Trojan] detections:
- win32 Atraps-PF
Win32:Atraps-PZ[Trojan] Removal Options
There are cases of users who have removed the Trojan only to find out that it re-appeared after a while. It is clear that the infection is quite intrusive and persistent. To completely eradicate it, an AV software specialized in removing spyware threats is required.
What you can do is first scan your Registry via specialized registry cleaner program. Then apply an AV scanner. The step-by-step removal guide below the article may be tried as well. However, keep in mind that this particular Trojan can be stealthier than other Trojans. Using professional tools to eliminate it completely is recommended.
Step 1: Start Your PC in Safe Mode to Remove Win32:Atraps-PZ[Trojan].
Removing Win32:Atraps-PZ[Trojan] from Windows XP, Vista, 7 systems:
1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.
– For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.
3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.
4. Log on to your computer using your administrator account
While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.
Removing Win32:Atraps-PZ[Trojan] from Windows 8, 8.1 and 10 systems:
Whilst holding down Shift button, click on Power and then click on Restart.
A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart and boot into Safe Mode so you can scan for and remove Win32:Atraps-PZ[Trojan].
Step 2: Remove Win32:Atraps-PZ[Trojan] automatically by downloading an advanced anti-malware program.
To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all Win32:Atraps-PZ[Trojan] associated objects.