TrojanDownloader:Win32/Recslurp.B Removal Manual - How to, Technology and PC Security Forum

TrojanDownloader:Win32/Recslurp.B Removal Manual


TrojanDownloader:Win32/Recslurp.B is a backdoor Trojan that can install other, potentially unwanted software on the compromised machine without the user's consent. The threat is capable of opening a backdoor on the affected computer and giving cyber crooks remote access to the PC.

TrojanDownloader:Win32/Recslurp.B is also detected as Trojan/Win32.Snocry (AhnLab), W32/Trojan.CAUQ-7382 (Command), (Kaspersky), BackDoor.Siggen.58526 (Dr.Web), Win32/Agent.QKJ trojan (ESET), and TROJ_CRYPTED.BLO (Trend Micro).


How Is TrojanDownloader:Win32/Recslurp.B Distributed?

Threats like TrojanDownloader:Win32/Recslurp.B are usually distributed as an attachment file to a spam email message. In most cases, malicious emails claim to be sent from financial institutions or other legitimate companies.

Trojans can also enter your system via corrupt web pages and through drive-by downloads.

How Does TrojanDownloader:Win32/Recslurp.B Behave?

Once installed, TrojanDownloader:Win32/Recslurp.B is known to replicate itself and replace the following files:

  • %SystemRoot%\svchost.exe
  • %SystemRoot%\csrss.exe
  • %SystemRoot%\rundll32.exe

In case the threat is not capable of replacing the above-mentioned files, it creates the files listed below:

  • %APPDATA%\csrss.exe
  • %APPDATA%\svchost.exe
  • %APPDATA%\rundll32.exe

Microsoft experts report that TrojanDownloader:Win32/Recslurp.B modifies the registry so that the threat is launched at every system start-up:

Sets value: “Client Server Runtime Process”
With data: “%APPDATA%\csrss.exe”
In subkey: HKCU\software\microsoft\windows\currentversion\run

Sets value: “Service Host Process for Windows”
With data: “%APPDATA%\svchost.exe”
In subkey: HKCU\software\microsoft\windows\currentversion\run

Sets value: “Host-process Windows (Rundll32.exe)”
With data: “%APPDATA%\rundll32.exe”
In subkey: HKCU\software\microsoft\windows\currentversion\run

TrojanDownloader:Win32/Recslurp.B can also create the following mutexes:

  • Global\{70D4DFB2-5794-165E-E23A-6CD80ED72355}
  • Local\{807B5984-D1A2-E6F1-E23A-6CD80ED72355}
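
The file, Run-key and mutex indicators listed above can be checked with a read-only PowerShell script. This is an added example, not part of the original article or of any vendor tool; the function name Find-RecslurpIndicator is hypothetical, and the script only reports what it finds without changing anything.

```powershell
# Added example: read-only check for the indicators listed in this article.
# Indicator strings are copied from the page; Find-RecslurpIndicator is a hypothetical name.
$RunKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$RunVals = @{
    'Client Server Runtime Process'       = 'csrss.exe'
    'Service Host Process for Windows'    = 'svchost.exe'
    'Host-process Windows (Rundll32.exe)' = 'rundll32.exe'
}
$Mutexes = 'Global\{70D4DFB2-5794-165E-E23A-6CD80ED72355}',
           'Local\{807B5984-D1A2-E6F1-E23A-6CD80ED72355}'

function Find-RecslurpIndicator {
    $run = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
    foreach ($name in $RunVals.Keys) {
        $path = Join-Path $env:APPDATA $RunVals[$name]

        # Run value carrying one of the exact names from the article
        $prop = if ($run) { $run.PSObject.Properties[$name] }
        if ($prop) {
            $data = [Environment]::ExpandEnvironmentVariables([string]$prop.Value).Trim('"')
            $note = if ($data -ieq $path) { 'points to %APPDATA% copy' } else { 'different target' }
            [pscustomobject]@{ Type = 'RunValue'; Item = $name; Detail = "$data ($note)" }
        }

        # System-process file name in %APPDATA%; legitimate copies live under %SystemRoot%\System32
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
            [pscustomobject]@{ Type = 'File'; Item = $path; Detail = "SHA256=$hash Signature=$sig" }
        }
    }

    # A named mutex exists only while some process holds it
    foreach ($m in $Mutexes) {
        $handle = $null
        try {
            $exists = [System.Threading.Mutex]::TryOpenExisting($m, [ref]$handle)
        } catch {
            # Access denied still means the object exists
            $exists = $_.Exception.GetBaseException() -is [System.UnauthorizedAccessException]
        }
        if ($handle) { $handle.Dispose() }
        if ($exists) { [pscustomobject]@{ Type = 'Mutex'; Item = $m; Detail = 'present' } }
    }
}

Find-RecslurpIndicator | Format-List
```

Run it in the affected user's own session, because the HKCU hive, %APPDATA% and the Local\ mutex namespace are all per-user or per-session. Empty output means none of these specific indicators were found, not that the machine is clean.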

Is TrojanDownloader:Win32/Recslurp.B Dangerous?

The threat is able to download unwanted software or other malware on the compromised machine. Experts have observed TrojanDownloader:Win32/Recslurp.B connecting to these remote hosts:


To check for an Internet connection, TrojanDownloader:Win32/Recslurp.B is known to use port 25. Once the Trojan connects to the C&C server, it may perform any or all of the following tasks: download and run files, receive instructions from the attackers, upload data from the compromised PC, receive configuration data, and others.

How to Remove TrojanDownloader:Win32/Recslurp.B from Your Computer?

Trojans can be tricky to spot, so malware researchers recommend running a full system scan and then removing any detected threats. Users are advised to install a trusted anti-spyware solution in Safe Mode because some Trojans can disable the AV tools that are already active on the affected computer. Follow the steps below to delete TrojanDownloader:Win32/Recslurp.B and similar threats from your PC permanently.

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.

1. Start Your PC in Safe Mode to Remove TrojanDownloader:Win32/Recslurp.B
2. Remove TrojanDownloader:Win32/Recslurp.B automatically with Spy Hunter Malware - Removal Tool.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
