HTML:RedirME-inf [Trj]

Detected by Avast

HTML:RedirME-inf [Trj] is a threat identified by Avast Anti-virus products. It is typical malware that targets the core system of Windows in order to complete its tasks. HTML:RedirME-inf [Trj] was made to execute a series of commands once it gets inside the system. It gathers data such as system settings, Windows version, network configuration, and so on. The collected data is sent to a remote attacker for analysis.

Threat behavior

Installation

In general, a system gets infected with HTML:RedirME-inf [Trj] when malicious code is executed on the computer. The source of this trojan varies because the way it is deployed keeps changing. Typically, spam email messages disguised as an open letter from a reputable institution are used to deceive recipients. The body of the message contains enticing phrases that try to convince the user to open the attached file.

Malicious links on social media sites and in instant messaging programs are also seen as a method of distributing HTML:RedirME-inf [Trj]. Illegally distributed software and media materials may also contain code that can lead to infection with this malware.

Payload

In order to run itself at Windows start-up, HTML:RedirME-inf [Trj] makes a copy of itself among the system files. Then, a registry entry is created to call the file on each Windows boot-up. Apart from that, this malware also drops non-malicious files in various folders of the compromised PC.
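An added example, not part of the original page or of any vendor tool: a PowerShell check that lists the autostart entries in the standard Run and RunOnce registry keys and reports the Authenticode signature status of each target file. The page does not name the key the trojan writes to, so the key list and the helper name Get-CommandTarget are assumptions.

```powershell
# Added example. Assumption: the standard per-machine and per-user
# Run/RunOnce keys are the autostart locations worth reviewing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the file path out of an autostart command line.
function Get-CommandTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: "C:\Program Files\App\app.exe" /arg
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: cut at the first known extension.
    if ($expanded -match '^(.+?\.(exe|dll|com|bat|cmd|vbs|js|ps1|scr))(\s|$)') {
        return $Matches[1]
    }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = Get-CommandTarget -Command $command
        if ([string]::IsNullOrWhiteSpace($target)) { continue }

        # A missing file or a status other than Valid deserves a closer look.
        $status = 'FileMissing'
        if (Test-Path -LiteralPath $target -PathType Leaf) {
            $status = (Get-AuthenticodeSignature -LiteralPath $target).Status
        }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Target    = $target
            Signature = $status
        }
    }
}

# Entries launched through a host such as rundll32.exe show the host's
# signature, not the DLL's; check the command line of those by hand.
$report | Sort-Object Signature, Key | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt to cover the per-machine keys; the HKCU entries shown are those of the account running the script.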

HTML:RedirME-inf [Trj] occasionally connects to a remote host to execute tasks like the following:

  • Notify the attacker of the new infection
  • Send gathered data from the infected computer
  • Download and execute additional files, including an updated version of the trojan
  • Accept commands from a remote attacker

Symptoms

This malware shows few obvious symptoms. HTML:RedirME-inf [Trj] operates silently in the background. However, Avast Anti-virus may alert you to the presence of this trojan.

How can you remove HTML:RedirME-inf [Trj]?

To totally remove HTML:RedirME-inf [Trj] from the computer and get rid of relevant viruses, please follow the procedures stated on this page. Make sure that you have completely scanned the system with the suggested malware removal tools and virus scanners.

First step: Scan the computer with Norton Power Eraser

1. Download Norton Power Eraser from the link below. Save the file on your hard drive.

NPE Download Link (this will open in a new window).

2. Once the download completes, double-click on the file NPE.EXE to run the program.

3. You will be prompted with the End User License Agreement. Please click on Accept to continue.

4. Norton Power Eraser will check for the most recent version. Then, the main window will appear. Click on Scan for Risks to start the scan and removal process for HTML:RedirME-inf [Trj].

5. By default, Norton Power Eraser is configured to perform a rootkit scan. This is essential to get rid of HTML:RedirME-inf [Trj] or other relevant malware. To accomplish this, you will need to restart the computer. Please click the Restart button.

6. After Windows restarts, the program will check for a possible database update and then proceed with the scan. It may take a while; please wait for the scan process to complete.

7. Once scanning is done, Norton Power Eraser will display a list of threats including HTML:RedirME-inf [Trj]. Review the identified threats and remove/repair them from the PC by clicking on the Fix Now button.

8. If you are prompted to restart the computer in order to complete the virus removal process, please click on Restart Now.

Second step: Run Sophos Virus Removal Tool

1. Download Sophos Virus Removal Tool from the link below. Save the file to your Desktop so that we can access the file easily.

2. After downloading, navigate to the file location and double-click the file. This will start the installation procedure. User Account Control will ask whether you want to run the program; click Yes to continue.

3. On initial launch of the program, it will display a Welcome Screen as shown in the image below. Click Next to start the installation procedure.

sophos-welcome

4. Next, you need to accept the license agreement before Sophos Virus Removal Tool can be installed onto the computer. Choose 'I accept the terms in the license agreement'. Then, click the Next button.

5. On the next prompts, please click the appropriate button to proceed. At the end of the installation process, it will display InstallShield Wizard Completed. Just leave Launch Sophos Virus Removal Tool checked. Then, click Finish.

6. The tool will download necessary updates, so an Internet connection is required at this point. Lastly, Sophos Virus Removal Tool displays the welcome screen.

7. Click on the Start Scanning button to begin checking the system for the presence of rootkits and viruses. The tool reveals items that were found linked to HTML:RedirME-inf [Trj]. It also detects and removes other malicious files.

2 thoughts on “HTML:RedirME-inf [Trj]”

  1. maurice

    Hi there great job folks :-). Hope these tools to remove this threat are free as I have not tried them yet. Also, would just like to ask if by chance an antivirus is already installed will there be any issues with installing and running these programs? If by chance there is, would it be prudent to advise overly keen individuals such as myself of any blue screens of death horrors if any such chance may prevail? As stated, I have not tried these tools as yet but cringe at the thought of above mentioned error, please advise. Thank you for your time and patience with an individual such as myself. Merry Xmas!

  2. James

    hey what do i do when i get AVG popping up, saying it blocked HTML:RedirME-inf [Trj] but the norton power scan finds nothing? 🙁