Trojan.Chromeinject.A is a Trojan horse that steals information from the compromised computer. When executed, the Trojan searches the compromised computer for the location of the Mozilla Firefox browser and copies itself as the following files:
- %SystemDrive%\[PATH TO FIREFOX]\plugins\npbasic.dll
- %SystemDrive%\[PATH TO FIREFOX]\plugins\npbasic.dll1
- %Temp%\[RANDOM FILE NAME].tmp
It then modifies the following files in order to steal information from the compromised computer:
- %SystemDrive%\[PATH TO FIREFOX]\chrome\chrome\content\browser.js
- %SystemDrive%\[PATH TO FIREFOX]\chrome\chrome\content\browser.xul
- %SystemDrive%\[PATH TO FIREFOX]\chrome\browser.manifest
The Trojan attempts to steal sign-in information when the following domains are accessed using Mozilla Firefox. See the entire list here.
The Trojan then sends the stolen information to one of the following locations:
- [http://]www.yandeeex.ru
- [http://]www.sss.re
Recommendations:
- Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
- Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
To see more recommendations go to the bottom of this page here.
To remove this Trojan please follow the instructions here.
thanks for the info,hope anti-virus detectcs it
Anytime and glad we can shed light on this latest Trojan issue.
New Trojan Alert and Removal Instructions | TechJaws: Internet Security and SEO great article thank you.
New Trojan Alert and Removal Instructions | TechJaws: Internet Security and SEOvery good great article thank you.
New Trojan Alert and Removal Instructions | TechJaws: Internet Security and SEO great article thank you.