Trojan.Trensil is a trojan horse, a form of malware. It contains malicious code that, when executed, carries out actions that typically cause loss or theft of data.
Trojans can also open a back-door into your system, contacting a controller which can then have unauthorized access to your computer. Trojans may also harm your computer directly.
The term trojan horse comes from the tale of the wooden horse used to defeat the City of Troy in an ancient Greek legend. The story goes that the army besieging Troy pretended to give up by sailing away. However they left behind a gigantic wooden horse. The Trojans treated the horse as booty and hauled it into their city. That night, soldiers concealed in the horse came out and captured Troy.
The comparison is apt. In the world of information technology, trojan horses often use social engineering to infect computers, persuading their victims to voluntarily install them on their computers by presenting themselves as useful or interesting programs or files.
If you are infected, it is likely that the trojan got into your computer when you unknowingly:
- clicked on malicious links or visited malicious websites, or you
- downloaded freeware, adware or other content, or you
- opened infected emails, or you
- connected an infected USB device or other media to your computer.
In all these cases, Trojan-Trensil is distributed via a specially crafted PDF document acting as a carrier which exploits a vulnerability that is found in most versions of Windows.
What Trojan.Trensil does to your computer?
The first thing that Trojan.Trensil does is to create the following files:
Immediately after that, it makes changes to the following registry subkey:
Then the trojan creates a service called WmdmPMM. This service causes the trojan to be executed every time you start up your system.
After that, it connects to two remote locations:
Once the trojan has connected to these to locations, you computer is completely vulnerable. The malware can now receive commands from the attacker’s remote location and send information to that or other remote locations.
Therein lies the danger… your private data (bank account numbers, credit card details, passwords etc) is now entirely exposed, ready for the taking.
In addition, this trojan is difficult to detect because it can enter your antivirus program and disable it, along with your firewall.
While the above description of what Trojan.Trensil does to you computer may seem a bit technical, knowing the details of how this malware operates is the key to getting rid of it as you’ll see below.
So how do you know if you have the trojan?
Symptoms of a Trojan.Trensil attack
Here are some common symptoms of a Trojan.Trensil infection:
 Your system slows down considerably. You’ll notice it when you try to open programs, connect with the internet or shut down your computer. This is because the malware is increasing the use of your CPU (central processing unit). If it is not removed it can cause a complete crash.
 You are plague with pop-up ads. This happens because Trojan.Trensil has corrupted your Windows registry in order to deploy these unwanted advertisements.
 You find that searches using Google and Yahoo are redirected to a variety of unwanted sites which can be infected. You’ll notice that the background image on your desktop and your browser’s homepage settings have changed. These are common symptoms of a Trojan.Trensil infection.
 You may also notice that various files, folders, icons and shortcuts in different locations of the system are being created.
Having these symptoms does not necessarily prove that you are infected by this particular trojan. However, they are strong indicators that you have a serious problem.
You can check for a Trojan.Trensil infection by searching for any of the four files shown above. In addition, you could look in the Windows registry for the registry subkey mentioned above.
Removing the Trojan.Trensil
Here’s how you can rid your computer of this trojan:
 Turn of Windows System Restore – in your desktop explorer, right-click on My Computer and select Properties. Click on the Systems Restore tab. In the Systems Restore dialogue box, click Turn off System Restore on all drives. Ignore the warning in the pop-up box and click OK.
 Restart your computer in safe mode – as your computer is starting up, press the key F8 rapidly until the Advanced Options menu shows on your screen. Then select Safe mode from the menu that appears.
 Delete temporary internet files – open desktop explorer (either from the start button or by pressing the Windows key and E at the same time). Click on Local Disk (C:). Then navigate to:Documents and SettingsYourusernameLocal SettingsTemporary Internet Files. You need to delete all these files.
Click anywhere in the right hand pane then press Control and A simultaneously to highlight all the files. Hit the Delete button while holding down Shift and when the warning box comes up, click OK (still holding Shift down). All the files will disappear.
[Holding Shift down means the files are deleted fully rather than being sent to the Recycle Bin. If you don’t hold down Shift then you’ll have to empty the Recycle Bin.]
 Open Task Manager – by pressing the ALT+CTRL+DEL keys simultaneously. Windows Task Manager will open. You need to free up your CPU by ending any useless programs that are running.
You can find the programs you need to end as follows:
If you are in Windows 7 or earlier versions of the Windows operating system, go through the list of programs under the Processes tab. Look for telltale signs of malicious programs, such as programs with odd-looking filenames or ones that are running from a temporary folder. Once you have found a program you want to end, highlight it and then click on End Process.
If you are using Windows 8, go through the list of programs shown under the Details tab in Task Manager. Check under the Command-line column (on the right). Again, once you have found a program you want to end, highlight it and then click on End Process.
 Clean up registry entries created by Trojan.Trensil – the easiest way to do this is to delete all files that are safe to remove from the registry. There are two ways you can do this:
(a) Click the Start button and then click Run. Type regedit.exe in the Run dialogue box that appears and click OK. When the Registry Editor box opens, click on Edit and then on Find. Enter the name of a file you want to remove in the File What field and click Find Next. When the file turns up you can delete it. You can the precise names of files that can be safely deleted by going to a Norton/McAfee knowledgebase site.
(b) A simpler way to download and use a maintenance application such as jv16 Power Tools which includes a registry cleanup program. You just follow the instructions to find a list of ‘files that should be safe to remove’ and then click on the Remove button.
That’s it! Your computer should now be free of the Trojan.Trensil malware, provided you have been able to follow the above steps for getting rid of it.