Follow:

You have been re-routed to the Trojan:Win32/Swrort.A write up because Trojan%3aWin32%2fSwrort.A has been renamed to Trojan:Win32/Swrort.A
 

Trojan:Win32/Swrort.A


Microsoft security software detects and removes this threat.
 
This threat can give a malicious hacker access to your PC to download other malware.
 
It can be installed when you visit a hacked or compromised webpage.
 


What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Trojan:Win32/Swrort.A is a detection for files that try to connect to a remote server. Once connected, an attacker can perform malicious routines such as downloading other files.

They can be installed from a malicious site or used as payloads of exploit files.

Once executed, Trojan:Win32/Swrort.A may connect to a remote server using different port numbers. Once connected, an attacker can perform malicious routines such as downloading other malware and executing them.

We have seen this threat connect to the following servers:

  • 202.54.98.156 via TCP port 4444
  • 10.10.10.31 via TCP port 443
  • 188.50.82.246 via TCP port 1234 

Analysis by Elda Dimakiling


Symptoms

Alerts from your security software may be the only symptom.


Prevention


Alert level: Severe
First detected by definition: 1.71.2046.0
Latest detected by definition: 1.187.1104.0 and higher
First detected on: Jan 11, 2010
This entry was first published on: Jun 28, 2010
This entry was updated on: Jul 28, 2014

This threat is also detected as:
  • W32/Rozena.A.gen!Eldorado (Command)
  • W32/Swrort.A (Norman)
  • Win32/Swrort.A!generic (CA)
  • Win32/Rozena.AA (ESET)
  • Trojan.Win32.Rozena (Ikarus)
  • Swrort.a (McAfee)
  • Mal/Swrort-A (Sophos)
  • Trojan.Win32.Swrort.A (Sunbelt Software)