TROJ_TECSAM.A
Windows
Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
Downloaded from the Internet
However, as of this writing, the said sites are inaccessible.
TECHNICAL DETAILS
208,896 bytes
EXE
No
02 Aug 2016
Displays windows, Connects to URLs/IPs
Arrival Details
This Trojan may be unknowingly downloaded by a user while visiting the following malicious websites:
- http://bitly.com/{BLOCKED}Q - "Hallmark e-card"
  Expanded: http://cnn.com--{BLOCKED}.online/brain/66.gif
- http://bitly.com/{BLOCKED}U
  Expanded: http://cnn.com--{BLOCKED}.online/brain/first.html
Infection Points
This Trojan arrives as a file downloaded from the following URLs:
- http://{BLOCKED}m--daily.online/brain/Card.exe
Other Details
However, as of this writing, the said sites are inaccessible.
NOTES:
Once the file is executed, this malware displays a fake window that tricks the user into calling the number for technical support, which exposes them to giving out personal information.
SOLUTION
9.800
12.696.01
05 Aug 2016
12.697.00
06 Aug 2016
Step 1
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Step 2
Scan your computer with your Trend Micro product to delete files detected as TROJ_TECSAM.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.