Remove Trojan.Feedel

Posted on: February 11th, 2009

Discovered: February 8, 2009
Updated: February 9, 2009 3:52:38 AM

Type: Trojan

Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Recommended Action:

In order to remove Trojan.Feedel you need to download the ‘No Adware’ remover software. Based on our testing this was the best performing remover of Trojan.Feedel.

You will see the download link on their website. Once installed, it will perform a full system scan on your machine for free.

Technical Details:
The Trojan may arrive on the compromised computer by being downloaded as
the following file: aaca[RANDOM LETTERS].gif

When the Trojan is executed, it creates the following registry entry so that it
runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[NAME OF COMPROMISED COMPUTER]" = "[PATH TO TROJAN]"

The Trojan then downloads a component file containing the payload from
the following URL: [http://][IP ADDRESS]/pix/aaca[RANDOM [REMOVED]

Note: The downloaded component file is encrypted. The Trojan may
perform a DNS lookup for weather4all.ws and use the IP address it
receives as a key to decrypt the IP address from which it downloads the
component file.

The Trojan re-encrypts the downloaded component file using the
compromised computer’s hard drive information as the key. The
payload will therefore only run on the compromised computer.
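
The indicators described above (a Run value named after the computer, a file named aaca[RANDOM LETTERS].gif, and a DNS lookup for weather4all.ws) can be checked together in a short triage script. This is an added example, not part of the original write-up; the function names, the subdomain match and the sample data are assumptions constructed for illustration.

```python
import re

# Indicators taken from the write-up; everything else here is an assumption.
DROPPER_NAME = re.compile(r"^aaca[a-z]+\.gif$", re.IGNORECASE)
LOOKUP_DOMAIN = "weather4all.ws"
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def suspicious_run_values(run_values, computer_name):
    """Return Run-key entries whose value name equals the computer name."""
    wanted = computer_name.strip().lower()
    return {n: d for n, d in run_values.items() if n.strip().lower() == wanted}


def suspicious_files(paths):
    """Return paths whose file name matches aaca[RANDOM LETTERS].gif."""
    return [p for p in paths if DROPPER_NAME.match(re.split(r"[\\/]", p)[-1])]


def suspicious_dns(queried_names):
    """Return logged DNS query names for the domain (or a subdomain of it)."""
    hits = []
    for q in queried_names:
        name = q.rstrip(".").lower()
        if name == LOOKUP_DOMAIN or name.endswith("." + LOOKUP_DOMAIN):
            hits.append(q)
    return hits


def read_hklm_run():
    """Read the live HKLM Run values as a dict (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _ = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values


if __name__ == "__main__":
    # Constructed sample data standing in for a registry export and logs.
    run = {"Updater": r"C:\Program Files\App\upd.exe",
           "WORKSTATION7": r"C:\Temp\aacaqwe.gif"}
    print(suspicious_run_values(run, "WORKSTATION7"))
    print(suspicious_files([r"C:\Temp\aacaqwe.gif", r"C:\Pictures\photo.gif"]))
    print(suspicious_dns(["weather4all.ws.", "example.com"]))
```

On a live Windows host, pass `read_hklm_run()` and the machine's own name to `suspicious_run_values` instead of the sample dictionary.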

Action Steps:
FREE SCAN: NoAdware can remove Trojan.Feedel. Click the link below for your free download & scan your PC now.

MANUAL REMOVAL: Please click here for manual removal instructions.