Get the 411 on Spyware
Trojan.IconDown Removal Guide
There are often times when malicious programs enter our systems and manage to remain there hidden for a very long time. Trojan.IconDown is one of those malicious infections that use all sorts of stealthy distribution methods to enter target systems surreptitiously. The Trojan does not do a lot of by itself. It works more like a downloader that opens your system’s doors for other malicious infections. Hence, if you remove Trojan.IconDown from your computer, you also need to invest in removing all the other threats that might have come with it.
It is important to point out that infections like Trojan.IconDown are usually used by attack groups against businesses and other legal entities, so the chances of regular users getting infected with this Trojan are very low. Also, the presence of such infections proves that businesses and other institutions need to invest in cybersecurity if they wish to protect their assets.
Judging from the research collected by cybersecurity specialists, this Trojan downloader is often used by the BlackTech attack group to breach into computer systems in Japan and Taiwan. It is rather common for an attack group to employ several malware elements to carry out their objectives. What’s more, Trojan.IconDown has really stealthy distribution methods that might take vulnerable systems by surprise.
The most common distribution vector is the man-in-the-middle attack when Trojan.IconDown intercepts communication between the target system and a system component that is vulnerable to malicious exploitation. Based on what the researchers have to say, Trojan.IconDown is usually distributed through the ASUS WebStorage update function. Please note that the update function itself is not malicious. However, the software does not check whether the downloaded update package is authentic or not before launching it. Thus, it allows the criminals to intercept this update and switch the software package with their own malware components.
Although the responsibility for such situation heavily falls on software developers and their inability to prevent malicious exploitation, it is also important for corporate employees to learn more about malware distribution, so that they could avoid potential threats.
Now, what happens when Trojan.IconDown manages to enter a target system? If you know a little bit about Trojans, you probably can guess that a malicious component might have several functions. Sure, Trojan.IconDown works as a payload downloader, so when this program enters the target system, the infection process is far from over. However, what KIND of payload is downloaded greatly depends on the attack group.
However, since the BlackTech attack group carries out espionage campaigns, we can expect other malware components to collect information on the affected systems. They might employ such common tracking measures as keylogging, webcam recording, screenshots, and so on. The point is that these criminals could collect information from your system behind your back, and if you do not run regular system scans, it might take a long while to figure that out.
On top of that, it might not be enough to remove Trojan.IconDown from your system, as there could be more malicious components on-board. So, what are you supposed to do? While it is possible to remove Trojan.IconDown manually following the instructions below, it would still be better to invest in a licensed security application that would run a full system scan and terminate all the malicious files and programs for you automatically.
What’s more, by investing in a powerful security tool, you would safeguard your system against multiple threats. Just don’t forget that a computer security tool is one of the safety layers necessary. Your IT department needs to be always ready to fight hacker attacks, and your employees need to know more about cyber threats to avoid them.
How to Delete Trojan.IconDown
- Press Win+R and enter %AppData%. Press OK.
- Open Microsoft\Windows\Start Menu\Programs\Startup.
- Remove the slui.exe and ctfmon.exe files.
- Press Win+R again and enter %TEMP%. Press OK.
- Remove the DEV[4_random_characters].TMP file.
- Scan your computer system with a licensed antispyware tool.
