Glupteba is the family name of a powerful Trojan-type malware that includes almost every criminal capability a computer virus can have. In computer terminology it is recognized as a bot that turns the victim’s computer into a zombie PC controlled remotely by cybercriminals. This malicious software typically spreads via malvertising or the EternalBlue exploit and is capable of dropping additional payloads on the victim’s computer. Components of this multi-functional malware allow it to work as a rootkit, security software disabler, virus, browser local data stealer, cryptojacker and router attack tool. Moreover, the malware is capable of hiding its presence on the victim’s computer. If your security software triggered an alert for this Trojan, you should eliminate it immediately.
Trojan.Glupteba has also been observed switching between Command & Control servers easily, as it uses blockchain technology to retrieve updated server addresses.
The currently known list of Glupteba Trojan’s functionalities is presented below. The malware is also known to be under continuous development.
Beware that this malicious Trojan often hides in various downloads that interest the gaming community – games, add-ons, mods, cracks, extension packs and similar tools. If you suspect that your computer has been infected with this malware, scan with a robust anti-malware program while in Safe Mode (download the security software while in regular mode and update it from there). If you wish to repair the computer system after virus damage, consider scanning with RESTORO.
| Attribute | Details |
| --- | --- |
| Name | Glupteba Trojan |
| Type | Trojan; Complex Malware; Distribution Framework |
| Functionality | This Trojan includes a wide set of continuously expanding functions, including: a rootkit, virus, crypto miner, AV disabler, data stealer, router attack tool |
| Detection names | Trojan:Win32/Glupteba!atmn (Microsoft), Trojan.Glupteba (Malwarebytes), ML/PE-A + Troj/Glupteba-M (Sophos) |
| Associated malware | Known Microsoft detection name for STOP/DJVU malware variants – Trojan:Win32/Glupteba.NW!MTB |
| Danger | Steals private information, controls the computer remotely, uses login data to hack into the computer and use it for further distribution or illegal activities, making the victim look like a cybercriminal |
| Distribution | Hides in illegal torrent downloads, adware bundles, fake ads and other malware |
| Removal | Remove using a powerful anti-virus suite while in Safe Mode. Consider scanning with RESTORO afterwards to repair the damage caused to Windows OS files. |
Glupteba Trojan is infamous for its complex distribution techniques and, of course, their variety. Moreover, there are various strains of this malware, and the distribution of each differs. In this article, we review the most common and well-known distribution methods used by this Trojan’s operators.
The Trojan was first noticed back in 2011 and was distributed via the TDL-4 bootkit (a malware downloader). It is believed that the operators behind TDL-4 were selling a malware distribution service to other criminals on the dark web, as the bootkit was used to distribute a variety of malware variants.
In 2014, ESET revealed its investigation of Operation Windigo, which appeared to be associated with the Trojan’s distribution. The operators behind this criminal scheme used compromised Linux servers to redirect part of the HTTP requests through infected web server instances. Redirected requests were routed to DNS servers controlled by the Operation Windigo operators. The final redirection would then reach servers hosting exploit kits. If exploitation succeeded, Glupteba malware was dropped on the compromised system.
In March 2018, ESET researchers reported a change in the Trojan’s distribution. According to them, Windigo is no longer used for the virus’s proliferation; instead, it uses its own botnet. The virus appears to travel alongside deceptive adware (detection name MSIL/Adware.CsdiMonetize.AG) that uses a pay-per-install scheme to promote a variety of malware families, such as cryptocurrency miners, adware, and malware droppers that bypass security systems and install Glupteba.
Another distribution scheme, reported by Infoblox in 2020, relies on a fake YouTube video download site. After entering a video link and clicking Download, the victim is presented with a fake file named after the chosen video, yet ending in .exe, and the file is shown as a plain executable program rather than a video. If the victim opens the file, it downloads additional malware components from a CDN server to expand its capabilities. The rest of the attack chain is similar to the scheme explained earlier.
Although it is hard to remove Glupteba Trojan, you need to do it, the sooner the better. If you’re positive that your computer is compromised by this malware, it isn’t good news for you. It simply means that your computer is now a bot controlled by a remote cybercriminal, most likely to perform further criminal activities by leveraging your PC’s resources and your electricity bill. That said, we recommend downloading powerful anti-malware or antivirus software that is known to take care of this specific malware. Then, boot into Safe Mode to run your security program and eliminate all of the virus’s components.
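The fake video downloader lure above hands the victim a Windows executable named after a video. A simple defender-side check, written as an added example for this article (not code from the article or from any vendor it mentions), is to compare what the filename claims with what the first bytes of the file actually are. The sample filenames and byte strings below are constructed for the example; the magic-number checks (PE `MZ` header, MP4 `ftyp` box, Matroska EBML header, AVI `RIFF` chunk) are standard file-format signatures.

```python
import os

# Extensions a user expects from a "video download" flow (constructed list for this example).
MEDIA_EXTS = {".mp4", ".mkv", ".avi", ".webm", ".mov", ".flv"}
# Extensions that run as code on Windows when double-clicked (constructed, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs"}


def sniff_kind(head: bytes) -> str:
    """Identify the container from the leading bytes, ignoring the filename entirely."""
    if head[:2] == b"MZ":                       # DOS/PE executable header
        return "pe"
    if len(head) >= 8 and head[4:8] == b"ftyp": # ISO BMFF / MP4 family: size + 'ftyp' box
        return "mp4"
    if head[:4] == b"\x1a\x45\xdf\xa3":         # EBML header used by Matroska and WebM
        return "matroska"
    if head[:4] == b"RIFF" and head[8:12] == b"AVI ":
        return "avi"
    return "unknown"


def classify_download(filename: str, head: bytes) -> list[str]:
    """Return the reasons a supposed video download looks like the fake-downloader lure.

    An empty list means the name and content are consistent with a media file.
    """
    reasons = []
    parts = os.path.basename(filename).lower().split(".")
    exts = ["." + p for p in parts[1:]]        # every extension after the base name
    last = exts[-1] if exts else ""
    if last in EXEC_EXTS:
        reasons.append(f"download expected to be a video ends in executable extension {last}")
    if len(exts) >= 2 and exts[-2] in MEDIA_EXTS and last in EXEC_EXTS:
        reasons.append("double extension: media extension placed before the executable one")
    kind = sniff_kind(head)
    if kind == "pe":
        reasons.append("content starts with an MZ header, i.e. it is a Windows executable")
    elif last in MEDIA_EXTS and kind == "unknown":
        reasons.append(f"name claims {last} but the content is not a recognised media container")
    return reasons


# Constructed samples: a lure file, a genuine MP4 header, and a PE hiding behind a media name.
SAMPLES = {
    "funny_cat_video.mp4.exe": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00",
    "funny_cat_video.mp4": b"\x00\x00\x00\x18ftypmp42\x00\x00\x00\x00mp42isom",
    "holiday_clip.mkv": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        verdict = classify_download(name, head)
        print(f"{name}: {'SUSPICIOUS' if verdict else 'ok'} {verdict}")
```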
If you have already performed successful Glupteba virus removal, then start recovering your computer from the attack. Our recommendations include the following:
OUR GEEKS RECOMMEND
Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system:
Glupteba Trojan Removal Guidelines
Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot your PC into Safe Mode with Networking, but you can find additional ones in the in-depth tutorial on our website – How to Start Windows in Safe Mode.
Now, you can search for and remove Glupteba Trojan files. It is very hard to identify the files and registry keys that belong to the virus; besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. We recommend using SYSTEM MECHANIC ULTIMATE DEFENSE, which can also restore deleted files. Additionally, we recommend repairing virus damage using RESTORO.
RESTORO is a unique PC repair tool which comes with an in-built Avira scan engine to detect and remove spyware/malware threats and uses a patented technology to repair virus damage. The software can repair damaged, missing or malfunctioning Windows OS files, corrupted DLLs, and more. The free version offers a scan that detects issues. To fix them, a license key for the full software version must be purchased.
In order to use System Restore, you must have a system restore point, created either manually or automatically.
After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check.
Scott Bolton is a senior content strategist in our Geek’s Advice team. He is exceptionally passionate about covering the latest information technology themes and inspires other team members to follow new innovations. Despite the fact that Scott is an old-timer among the Geeks, he still enjoys writing comprehensive articles about exciting cybersecurity news or quick tutorials.