Trojan.Egguard.PrxySvrRST

Short bio

Trojan.Egguard.PrxySvrRST is Malwarebytes’ detection name for a type of trojan that injects downloaded JavaScript (JS) files into browser sessions.

Type and source of infection

Trojan.Egguard.PrxySvrRST sets a proxy accompanied with a false SSL certificate to perform a man-in-the-middle (MITM) attack.

The installer for this Trojan was included in bundlers.

Trojan.Egguard.PrxySvrRST proxy

Proxy settings by Trojan.Egguard.PrxySvrRST

Protection

Malwarebytes protects users from Trojan.Egguard by using real-time protection:

block Trojan.Egguard

Malwarebytes blocks Trojan.Egguard

As well as the Anti-Exploit module:

block Trojan Egguard exploit

Malwarebytes blocks the Trojan.Egguard exploit

Remediation

Malwarebytes can detect and remove Trojan.Egguard.PrxySvrRST without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  3. Then click Finish.
  4. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  5. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  6. When the scan is complete, make sure that All Threats are selected, and click Remove Selected.
  7. Restart your computer when prompted to do so.

Malwarebytes removes the proxy completely, so if you were using a proxy before the infection, this will have to be reset.

Traces/IOCs

Associated folder:
%APPDATA%\Microsoft\Network\Dsq

Related blog content

Explained: security certificates

10 easy steps to clean your infected computer

How to tell if you’re infected with malware

Select your language