Torpig

Torpig is a dangerous Trojan Horse that can destroy valuable data on your PC. Protect your personal files from Torpig by being aware of the vital facts about it.

Torpig is one of the most destructive of all Windows Trojan Horses. Not only does it steal and destroy files, it can also install malware. The following sections describe the damage it can cause and how it can be stopped.

Vulnerable Software

The program is known to affect all major versions of Windows from 95 to XP. It is uncertain if a strain has been developed to run on Vista as well. As a Trojan Horse, it can be installed on a computer through infected software.

Effects on Computers

This malware is very destructive. The reason is that, unlike other Trojans, the Torpig payload can affect several components of a computer. It can deactivate the antivirus software on your system. When this happens, it will be able to download more malware that can wreak havoc on the computer.

Like other Trojans, it can delete files. However, it goes further than that. A remote user can infiltrate the operating system and steal files or change settings. In short, when this program is active, the computer can be run by another user somewhere else. One of the ways in which information is transferred is via a log of your keystrokes. The data is logged and sent out via HTTP. The remote user can then manipulate the system.

It is its capacity to steal information that has made Torpig notorious, though. A report by the BBC stated that half a million online credit / bank accounts have been stolen using this program.

Removal and Prevention

If the program is in your system, use a virus scanner to remove it. If the antivirus has been disabled, follow these steps.

Go to the Start Menu and select “Run”.

Type “regedit” and click OK.

When the Registry Editor opens, select “Export Registry” and choose “All” as the export range. This will be your Registry backup. If anything goes wrong, restore this backup and restart the computer.

Every Windows user account is identified by a number under HKU, so this process has to be repeated for every one of them. Look for something like this:

HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\explorer\service\explorer.exe

Delete it. Close the editor and restart the computer. If the problem persists, proceed to the next step.

Check if the following registry entries exist. If they do, remove them to completely eliminate Torpig.

HKCU\Software\Microsoft\Windows\CurrentVersion\pwd

HKCU\Software\Microsoft\Windows\CurrentVersion\gnum

HKCU\Software\Microsoft\Windows\CurrentVersion\myID2

Also check in Windows Explorer and delete the following files:

\service\dll.dll

\service\dllp.txt

\service\explorer.exe
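
As an added example (not part of the original article), the Python script below scans the text of the Registry backup exported in the steps above for the entries this page lists, covering every user hive in one pass instead of one account at a time. It assumes the export has already been decoded to text, that `\service\explorer.exe` appears as the data of a `Run` value, and that `pwd`, `gnum` and `myID2` may be stored as either values or subkeys; the function and constant names, the SID, the path prefix and the value names in the sample are constructed for illustration.

```python
import re
# Indicators named in the removal steps above.
RUN_SUFFIX = r"\service\explorer.exe"
CV_KEY = r"\software\microsoft\windows\currentversion"
CV_NAMES = {"pwd", "gnum", "myid2"}
USER_ROOTS = ("hkey_users\\", "hkey_current_user\\")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    # .reg string data escapes backslashes and quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def scan_reg_export(text):
    """Return (key, value_name, data) for every indicator found in a .reg export."""
    hits, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            parent, _, leaf = key.lower().rpartition("\\")
            # Indicator present as a subkey of ...\CurrentVersion.
            if parent.startswith(USER_ROOTS) and parent.endswith(CV_KEY) and leaf in CV_NAMES:
                hits.append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        low = key.lower()
        if not m or not low.startswith(USER_ROOTS):
            continue  # not a named value, or not inside a user hive
        name, raw = unescape(m.group(1)), m.group(2)
        data = unescape(raw[1:-1]) if raw[:1] == raw[-1:] == '"' else raw
        if low.endswith(CV_KEY + r"\run") and data.lower().endswith(RUN_SUFFIX):
            hits.append((key, name, data))  # autostart entry in a user hive
        elif low.endswith(CV_KEY) and name.lower() in CV_NAMES:
            hits.append((key, name, data))  # indicator present as a value
    return hits

# Constructed sample export; the SID, path prefix and value names are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"explorer"="C:\\EXAMPLE\\service\\explorer.exe"
"Updater"="C:\\Program Files\\Vendor\\update.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion]
"gnum"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\myID2]
'''
```

Calling `scan_reg_export(SAMPLE)` returns three hits and ignores the unrelated `Updater` autostart entry; Registry Editor normally saves exports as UTF-16, so decode the file before passing its text in.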

To keep this malware from entering your system in the first place, do not download software or games from unknown websites. You should also avoid opening any attachments that end in .exe.

Finally, schedule a full scan once a month. If you don’t scan regularly, you may not realize that the program is already in your system until it is too late. By checking on a consistent basis, you can assess the situation more easily.

Torpig can cause a lot of trouble, but if you take the proper precautions this can be prevented. By taking these steps you lessen the chances of being infected.