Trojan.IconDown Removal Guide

Do you know what Trojan.IconDown is?

Trojan.IconDown is a malicious program that can run on an infected system for a long time before anyone notices it. These days, Trojans of this kind are usually used by attack groups that target specific organizations or networks. Although this infection may not be easy to detect on your system, it is strongly recommended to run regular system security scans with a reputable antispyware tool that detects potential infections as soon as they appear. This way, you can remove Trojan.IconDown from your computer automatically while also protecting it from other potential threats.

The attack group behind Trojan.IconDown is called BlackTech. This group is known to be responsible for multiple espionage attacks in Asia. Security researchers suggest that most Trojan.IconDown attacks occur in Taiwan, but that does not mean it cannot be found in other regions, too. What’s more, there are several ways for this infection to reach its victims. The two infection methods pointed out by security researchers are the supply chain attack and the man-in-the-middle attack. A supply chain attack is a malicious attack that targets less-secure elements in the supply network. The most common example of a supply chain attack could be ATM malware. The man-in-the-middle attack is sometimes also called an eavesdropping attack: the communication between two parties is intercepted and controlled by the attacker.

How does that work with Trojan.IconDown? Well, as far as the supply chain attack is concerned, we know for sure that this Trojan spreads through the update function of ASUS WebStorage. When you see the name “ASUS”, you probably automatically get the impression of something reliable. However, attackers find a vulnerable part of a legitimate system and make use of it to spread their malware.

Also, the ASUS WebStorage software can be exploited in a man-in-the-middle attack. All software needs to be updated once in a while. However, when ASUS WebStorage downloads an update, the software does not check whether the update is authentic. So, if someone intercepts the update request and replaces the update package with malicious data, the system gets infected with malware the moment someone runs that update.
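The missing check described above is the kind of verification an update client should perform before it runs anything it downloaded. The script below is an added example written for this guide; it is not ASUS's code or any vendor's update routine. It assumes the update was saved to a local path, that the expected SHA-256 hash was obtained over a separate authenticated channel (for example a signed manifest), and it uses a placeholder publisher name; the cmdlets Get-FileHash and Get-AuthenticodeSignature are standard Windows PowerShell.

```powershell
# Added example (not vendor code): verify a downloaded update before running it.
# Assumptions, all constructed for this example:
#   $UpdatePath        - where the client saved the downloaded update
#   $ExpectedSha256    - hash published through an authenticated channel
#   $ExpectedPublisher - placeholder for the subject of the real signing certificate
param(
    [string]$UpdatePath        = (Join-Path $env:TEMP 'update-placeholder.exe'),
    [string]$ExpectedSha256    = '<sha256 from the signed manifest>',
    [string]$ExpectedPublisher = 'CN=Example Publisher'
)

function Test-UpdateIntegrity {
    param([string]$Path, [string]$ExpectedSha256, [string]$ExpectedPublisher)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Ok = $false; Reason = 'update file not found' }
    }

    # 1. Integrity: the bytes on disk must match the hash obtained out-of-band.
    #    A tampered download fails here even if the attacker controlled the transport.
    #    (-ne compares strings case-insensitively, so hex case does not matter.)
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        return [pscustomobject]@{ Ok = $false; Reason = "hash mismatch: $actual" }
    }

    # 2. Authenticity: the file must carry a valid Authenticode signature that
    #    chains to a trusted root, and the signer must be the expected publisher.
    #    Status values other than 'Valid' include NotSigned and HashMismatch.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Ok = $false; Reason = "signature status: $($sig.Status)" }
    }
    if ($sig.SignerCertificate.Subject -notlike "$ExpectedPublisher*") {
        return [pscustomobject]@{ Ok = $false; Reason = "unexpected signer: $($sig.SignerCertificate.Subject)" }
    }

    return [pscustomobject]@{ Ok = $true; Reason = 'hash and signature verified' }
}

$result = Test-UpdateIntegrity -Path $UpdatePath -ExpectedSha256 $ExpectedSha256 -ExpectedPublisher $ExpectedPublisher
if ($result.Ok) {
    Write-Host "Update verified: $($result.Reason). Safe to run."
    # Start-Process -FilePath $UpdatePath   # only after both checks pass
} else {
    Write-Warning "Update rejected: $($result.Reason)"
}
```

The two checks cover different failures: the hash comparison catches a package swapped in transit when the expected value was fetched through a channel the attacker did not control, and the signature check catches a package that was never signed by the real publisher, regardless of how it arrived. A client that does neither, as the article says ASUS WebStorage did not, will run whatever the network hands it.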

However, when it comes to the likes of Trojan.IconDown, we always have to remember that these infections have several stages. For instance, when one malware component reaches the target system, it usually connects to the Internet behind the victim’s back to download the actual payload. From there, what Trojan.IconDown and its components do is up to the attackers.

Since this infection is usually used for espionage purposes, the chances are that the Trojan will be employed to collect sensitive information from the infected systems. What’s more, it is very likely that the infection will remain hidden on the victim’s network for a long time unless the victim runs regular system security scans. Therefore, anyone who wants to avoid these infections has to employ comprehensive security measures that cover all aspects of a malware infection.

To take everything into account, Trojan.IconDown is a Trojan downloader that is used by the BlackTech attack group. It is merely the first stage of a bigger infection, and its main objective is to slither into the target system. Keeping in mind its distribution vectors, security researchers suggest that software developers need to implement proper update mechanisms that are hard to compromise. The system is always as strong as its weakest link. And if the weakest link can be broken, then the system can be breached, too.

Is it possible to remove Trojan.IconDown manually? Yes, it is not hard to terminate this downloader. Nevertheless, we have to remember that this infection could be just one of the many malicious elements on your system. Thus, if you want to protect your computer from harm, you should employ a licensed antispyware program that would run a full PC scan and remove Trojan.IconDown automatically along with all the other potential threats.

What’s more, if Trojan.IconDown has infiltrated a corporate computer network, a security program might not be enough to prevent similar infections in the future. It is also vital to educate yourself and your employees about malware, as that will surely help you stop other threats from entering your system.

How to Remove Trojan.IconDown

  1. Press Win+R and type %AppData%. Click OK.
  2. Go to Microsoft\Windows\Start Menu\Programs\Startup.
  3. Delete the slui.exe and ctfmon.exe files.
  4. Press Win+R again and type %TEMP%. Click OK.
  5. Delete the DEV[4_random_characters].TMP file.
  6. Run a full system scan with a security tool of your choice.
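The steps above locate the files by hand. The script below is an added example for this guide, not part of the original removal instructions: it is a read-only check that looks for the same artifacts the steps name (slui.exe and ctfmon.exe in the per-user Startup folder, and DEV????.TMP in %TEMP%), prints their hashes and signature status for submission to a scanner, and leaves deletion to you once a scan has confirmed the files. Note that slui.exe and ctfmon.exe are also names of legitimate Windows binaries; those live in %SystemRoot%\System32, not in the Startup folder, which is why copies in Startup are suspicious.

```powershell
# Added example (not part of the guide): enumerate the Trojan.IconDown artifacts
# the removal steps describe, without deleting anything.
$startup      = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$suspectNames = @('slui.exe', 'ctfmon.exe')   # names from the guide; the real ones live in System32

function Find-IconDownArtifacts {
    $hits = @()

    # 1. The two executables dropped into the per-user Startup folder.
    foreach ($name in $suspectNames) {
        $candidate = Join-Path $startup $name
        if (Test-Path -LiteralPath $candidate) {
            $hits += Get-Item -LiteralPath $candidate
        }
    }

    # 2. DEV<4 random characters>.TMP in %TEMP%; '?' in the filter matches one character.
    foreach ($f in Get-ChildItem -Path $env:TEMP -Filter 'DEV????.TMP' -File -ErrorAction SilentlyContinue) {
        $hits += $f
    }

    return $hits
}

$found = @(Find-IconDownArtifacts)
if ($found.Count -eq 0) {
    Write-Host 'No Trojan.IconDown artifacts found in Startup or %TEMP%.'
} else {
    $found | ForEach-Object {
        # Hash and signature status give a scanner or analyst something to work with
        # before the file is removed; a signed, trusted binary here would be unusual.
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            SizeBytes = $_.Length
            Created   = $_.CreationTime
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature = $sig.Status
        }
    } | Format-List
    # After a scanner confirms the files:  $found | Remove-Item -Force
}
```

Run it in a PowerShell window for the affected user, since %APPDATA% and %TEMP% resolve per user. It only checks the two locations the guide names; step 6, a full scan, remains the way to find the rest of a multi-stage infection.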

In non-techie terms:

Trojan.IconDown is a dangerous computer infection that allows cybercriminals to spy on multiple affected systems. Running regular security scans is extremely important if you want to detect such an infection promptly. It may not be possible to prevent it from entering your system if you don’t know how these programs spread. Thus, you need to invest not only in licensed security applications, but also in overall cybersecurity awareness.