Proteus Trojan - How to remove

Proteus Trojan

McAfee Labs by Intel Security detects Proteus malware as the W97M/Proteus trojan. It was, however, first detected on the 28th of November, 2016, by researchers from Fortinet as MSIL/Proteus.A!tr. Written in .NET, this trojan has been called a new all-in-one botnet, since it has a number of malicious functions: it operates as a proxy, coin miner, keylogger, malware dropper and e-commerce merchant account checker.

How is Proteus Malware Distributed?

Proteus trojan can hide in spam e-mail attachments, run on hacked websites, IRC (Internet Relay Chat), P2P (Peer-to-Peer) file-sharing networks, etc. It is downloaded onto the victim's device by Andromeda malware. The executable file of the Proteus botnet is named chrome.exe. Once on the computer, the chrome.exe file, located in the %AppData% folder, is automatically executed, and encrypted (symmetric) communication with the C&C (Command and Control) server begins. The encrypted hostname of the C&C server is http://prot{removed}twork.ml/. A unique identification number for the infected computer is created after the botnet provides the processor, BIOS and baseboard data to the C&C domain.
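A file named chrome.exe running from %AppData% is something a defender can check for in a process listing. The following is an added example, not part of the original article: it classifies process image paths, assuming the default Google Chrome install locations and the default expansion of %AppData% to C:\Users\<name>\AppData\Roaming; the sample listing is constructed.

```python
import ntpath

# Default Chrome install locations (assumption: standard Google installer paths).
SYSTEM_WIDE = [
    ["program files", "google", "chrome", "application", "chrome.exe"],
    ["program files (x86)", "google", "chrome", "application", "chrome.exe"],
]
PER_USER_TAIL = ["appdata", "local", "google", "chrome", "application", "chrome.exe"]


def classify(image_path):
    """Classify one process image path by where a file named chrome.exe lives."""
    _drive, rest = ntpath.splitdrive(ntpath.normpath(image_path).lower())
    parts = rest.strip("\\").split("\\")
    if parts[-1] != "chrome.exe":
        return "not-chrome"
    if parts in SYSTEM_WIDE:
        return "expected"
    # Per-user Chrome installs sit under AppData\Local, which is not %AppData%.
    if len(parts) == 8 and parts[0] == "users" and parts[2:] == PER_USER_TAIL:
        return "expected"
    # %AppData% expands to C:\Users\<name>\AppData\Roaming by default.
    if parts[0] == "%appdata%" or (parts[0] == "users" and parts[2:4] == ["appdata", "roaming"]):
        return "appdata-roaming"
    return "unexpected-location"


def triage(records):
    """Return (pid, image, verdict) for every chrome.exe outside its expected paths."""
    findings = [(r["pid"], r["image"], classify(r["image"])) for r in records]
    findings = [f for f in findings if f[2] not in ("expected", "not-chrome")]
    # Put the location described in the article first.
    findings.sort(key=lambda f: f[2] != "appdata-roaming")
    return findings


# Constructed sample process listing (not taken from a real host).
SAMPLE = [
    {"pid": 4120, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"pid": 5332, "image": r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe"},
    {"pid": 6011, "image": r"C:\Windows\Temp\chrome.exe"},
    {"pid": 7288, "image": r"C:\Users\alice\AppData\Roaming\chrome.exe"},
    {"pid": 7290, "image": r"C:\Users\alice\AppData\Roaming\..\Local\Temp\Chrome.EXE"},
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for pid, image, verdict in triage(SAMPLE):
        print(f"{verdict:20} pid={pid:<6} {image}")
```

A match on the file name and folder alone is a lead for further inspection (signature, hash, parent process), not proof of a Proteus infection.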

What is Proteus Trojan Capable of?

The current version of the Proteus botnet is 2.0.0. The botnet uses proxy protocols to communicate with the C&C server, so the communication is difficult to detect. It follows that the detection of the malware itself is much more difficult. For instance, the Proteus detection rate, according to the VirusTotal scan, is 4 out of 44. So, as you can see, the virus has considerable potential to work in the background unnoticed.

Next, Proteus trojan can download and install a SHA256 crypto-currency miner, as well as CPUMiner and ZCashMiner, to mine crypto-currencies such as Bitcoin (the most popular one), Litecoin, Zcash, etc. Mining crypto-currencies requires a lot of GPU (Graphics Processing Unit) and CPU (Central Processing Unit) resources, which makes the infected computer work at full capacity purely for currency mining, while other processes on the system become extremely slow. Furthermore, Proteus acts as spyware by stealing the passwords of user accounts such as those on Amazon, eBay, Spotify, Netflix and some sites whose domain name is .de, meaning that they are located in Germany.

In addition to all the malicious acts set forth above, Proteus malware can download and install a keylogger on the victim’s PC, which captures what the victim is typing, another property of a spyware-like virus. As regards the downloading and installation of other malware threats on the compromised device, practically any virus can be set up on command from the C&C server.

How to Remove Proteus Botnet from Your Machine?

Proteus botnet can be removed with anti-malware software. Typically, we provide our users with manual removal instructions for various malware threats, but in the case of a botnet infection it is better to rely on automatic removal. It would be extremely difficult, especially for general users, to deal with the botnet manually, as these viruses are not only among the most complex cyber threats but also highly developed virtual parasites. So that you do not need to research online which software can be used to remove this malware from your PC, we have prepared a list of three antivirus programs that can be used for the successful removal of Proteus trojan. These are the following three malware scanners: Spyhunter or Malwarebytes. We have to warn you, though, that even the most recent and best-reviewed software can be hindered when removing this type of malware. If this is what happens in your particular case, comment and we will try to help you.
