Sunday, November 22, 2009

Backdoor.Win32.Clampi.a

A new backdoor trojan virus has been discovered, known as Backdoor.Win32.Clampi.a. It is a trojan spy program designed to steal confidential data and remotely manage the victim machine. It is a Windows PE EXE file that is 470 bytes in size. It is designed to harvest information from the victim machine by connecting to servers to download and run malicious code. It looks to steal user names, login data, program passwords, and local and network passwords. It can be configured to steal login and password data for internet banking systems by substituting spoofed pages for the genuine banking system pages. This is a very dangerous identity theft tool that can leave its victims with a terrible economic mess.

If you suspect your machine has been infected with this trojan virus, you can do the following to delete it from your machine:

Use Task Manager to terminate the malicious process.

Delete the original backdoor file.

Delete the file created by the backdoor:
%AppData%\.exe

Delete the following system registry key:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"" = %AppData%\.exe

Update your antivirus databases and perform a full scan of your computer.
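Before deleting anything, it helps to see which Run entry and file the steps above refer to on a given machine. The read-only PowerShell check below is an added example, not part of the original post or the Kaspersky description: it lists values under the Run key whose command points at an .exe sitting directly in an %AppData% folder. The folder patterns (`Application Data` on Windows XP, `AppData\Roaming` on later versions) are assumptions made here, and legitimate software can match them too, so treat the output as a list to review.

```powershell
# Added example: read-only triage of the Run key named in the removal steps.
# Nothing is deleted or changed. Run from an elevated PowerShell prompt.

$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# Assumption: an .exe directly inside %AppData%, written either literally
# or as an already expanded profile path, optionally quoted and with arguments.
$pattern = '(?i)^\s*"?([^"]*?(?:%AppData%|\\AppData\\Roaming|\\Application Data)\\[^\\"]+?\.exe)'

$key = Get-Item -LiteralPath $runKey

$hits = foreach ($name in $key.GetValueNames()) {
    # Read the raw data so a literal %AppData% is not expanded before matching.
    $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')

    if ($data -match $pattern) {
        # Expansion uses the current user's environment; a HKLM Run entry is
        # expanded separately for each user who logs on.
        $file   = [Environment]::ExpandEnvironmentVariables($Matches[1])
        $exists = Test-Path -LiteralPath $file -PathType Leaf

        [pscustomobject]@{
            ValueName  = $name
            Data       = $data
            File       = $file
            Exists     = $exists
            # Hash for lookup against your antivirus vendor's database.
            SHA256     = if ($exists) { (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash }
            # Processes currently running from that file (the one to end in Task Manager).
            ProcessIds = @(Get-Process | Where-Object { $_.Path -eq $file }).Id -join ','
        }
    }
}

if ($hits) {
    $hits | Format-List
} else {
    Write-Output "No Run values under $runKey point at an .exe directly in %AppData%."
}
```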

When doing any kind of online banking or using sites that require a login password, use the site's security features, such as identifiable security pictures and security questions, to make sure you are actually on a legitimate site. Spoof sites will try to reproduce an official-looking site but lack the security measures that more and more sites are now using to protect you and your identity.

"Viruslist.com". Kaspersky Lab. 11/22/2009 <http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782964>.
