What is the Torpig virus

Torpig Virus refers to a trojan that focuses on stealing personal and corporate data, including bank account information. Referred to as one of the most sophisticated trojans ever created, Torpig has been active since 2005.


The Torpig data-stealing trojan was first noticed almost 15 years ago, and while it’s not as prevalent as it was in the late 2000s and early 2010s, it can still be encountered today. Alternatively known as Anserin or Sinowal, Torpig is essentially data-stealing malware that primarily focuses on banking information. It can steal all kinds of information from an infected device, including credit card details and online bank credentials. Furthermore, in order to avoid being detected, the trojan can block anti-virus programs from launching and working normally.

Torpig malware only affected Windows systems (ones that have not been updated in particular), and is spread onto devices infected with the Mebroot rootkit. Once the rootkit is on a computer, it essentially opens a backdoor, which allows other malware like Torpig to enter. In the past, the Mebroot rootkit was primarily distributed via drive-by downloads on infected websites, but could also have been encountered in malicious emails.

Once the Mebroot rootkit has opened the door for Torpig to enter the computer, Torpig can perform a variety of activities. It primarily focuses on stealing sensitive information related to online banking and credit cards. However, it can also prevent anti-virus programs from operating as normal, block security websites to prevent users from downloading security programs, and modify data on the infected computer. It could delete certain files from the computer, as well as steal sensitive files.

While the Torpig Virus may be able to disable anti-virus programs and make detection more difficult, detection is not impossible. To launch the anti-virus properly, it would be necessary to reboot the computer in Safe Mode, or in Safe Mode with Networking if downloading an anti-virus program is necessary. The anti-virus should then be able to delete Torpig.

Torpig usually installs via Mebroot rootkit

Torpig is among the many similar infections that used the Mebroot rootkit. The rootkit uses the drive-by-download method to infect computers without users noticing or doing anything. If users visit a compromised or simply malicious site and, for example, interact with an ad, they may trigger a download of the malicious file. The download could be triggered by users clicking on a seemingly inconspicuous ad, or users could be tricked by fake update notifications that appear when browsing certain high-risk websites.

Fake update notifications have been used for malware distribution for a long while now, but many users still fall for them. The way these fake updates work is that users are shown an ad made to appear like a legitimate update notification, which requests that users download the supposedly important update. If users do download it, they end up infecting their computers with malware. Most users will be aware that legitimate update notifications do not appear in a browser. If a program needs to be updated, it would either do it automatically without user interaction, or it would show an alert (not in a browser) informing that updating is necessary. Users should only ever download updates from official sources, not random ads that appear on questionable websites.

Users could also end up infecting their computers with something by opening malicious email attachments. Malware can come attached to emails and all users need to do to initiate it is open the infected attachment. This is why users are always warned to be careful when opening unsolicited email attachments. Fortunately, in many cases the emails are quite obvious. They are sent from random email addresses, contain loads of grammar/spelling mistakes, and demand that users open the attached file for one reason or another.

Tech-support scams may claim that your computer is infected with Torpig Virus

Similarly to Zeus, Torpig is a rather legendary malware, which is why you may encounter tech-support scams claiming that your computer is infected with Torpig Virus. Since it’s a real infection, users skeptical of the fake notification would research it, encounter results confirming that it’s a real threat, and then believe the notification.

You could be redirected to a tech-support scam either by an infection like adware or by a questionable website. The alert would falsely claim that your computer is infected with the Torpig virus, and that you need to act immediately to prevent it from stealing your files and personal information. You would be asked to call the shown phone number to get help from supposedly professional technicians, who in reality would be professional scammers. If you were to call, the scammers would ask you to allow them to remotely connect to your computer. Allowing this means the scammers would be able to install highly questionable programs onto the computer or steal files while pretending to fix it. By the end of the supposed repair session, the fake technicians would demand that you pay hundreds of dollars for the “services”.

In case you weren’t already aware of this, virus alerts that appear in your browser will always be fake. Your browser does not detect malware because it’s not able to do that. Only trust legitimate anti-virus programs to detect malware. It should be mentioned that legitimate alerts for anything, whether it’s a virus or an update, will never display a phone number and ask you to call it.

Torpig Virus removal

Because it’s a sophisticated infection, you may struggle when trying to remove Torpig from the computer. It may be able to disable the anti-virus programs and prevent them from working normally. But you can bypass this by rebooting your computer in Safe Mode. You will be able to operate your security program in Safe Mode, and this will allow you to delete Torpig from the computer. If you don’t have anti-virus installed, reboot the computer in Safe Mode with Networking, download a reputable anti-virus and remove Torpig from your device with it.

Because Torpig is a data-stealing trojan, you need to carefully check your accounts and change passwords once the infection is no longer present. Enable two-factor authentication when possible to prevent unauthorized access to your accounts in case your login credentials were stolen.
