Topinambour

What is Topinambour?

Topinambour is a Trojan from hackers known as Turla. It is a group of Russian speaking cybercriminals that usually attack systems of government institutions. Therefore, it is unlikely that this new malicious application could be targeted at regular home users, although we cannot be one hundred percent sure. In this text, we describe how the malware could put a user’s computer and privacy at risk, how it could enter a system, and most importantly, how to eliminate Topinambour. What we like to state from the start is that we cannot guarantee the steps provided in the deletion section will help you delete the malicious application manually. That is because the threat could have other versions that might work differently. For more information, we invite you to read the rest of our article.

Where does Topinambour come from?

Our researchers at Anti-spyware-101.com report that there could be a few different versions of Topinambour and they all could be spread through various channels. For instance, some could be traveling with infected Java Scripts, while others could reach their victims via infected email attachments. Thus, avoiding such threats may require taking extra precautions. First of all, it is advisable to keep a legitimate antimalware tool. Such a tool can not only guard your system but also help you identify if a file downloaded from the Internet is malicious or not; you just need to scan it. Of course, it is important not to interact with any content that seems suspicious, comes from unknown senders or unreliable websites/advertisements, and so on. In other words, you can never let your guard down.

How does Topinambour work?

The sample our researchers tested placed its data in %LOCALAPPDATA%\VirtualStore and %TEMP%. Also, it is possible the malicious application could create a scheduled task to be automatically relaunched after a system's restarts. After Topinambour settles in, the threat might be able to download content, launch files, and take screenshots. Meaning, the Trojan could be able to drop more malware on an infected system or spy on the user. Thus, it is safe to say that the malicious program could cause a lot of trouble if it is left unnoticed on a system too long. The problem is that such infections can hide well as they can perform all of their tasks silently in the background. Consequently, victims might not realize the threat is on their system for quite some time. Needless to say, if you discover it on your computer, you should not hesitate to remove Topinambour immediately.

How to eliminate Topinambour?

As said earlier, we cannot guarantee that the instructions provided below will work for everyone. That is because the threat could have other versions and different variants may use various directories to hide their data. Thus, a safer way to eliminate Topinambour would be to use a legitimate antimalware tool that could remove all data associated with the malicious application for you. All there is to do is pick a reputable antimalware tool, perform a full system scan with it, and press its displayed deletion button to get rid of all identified threats.

Erase Topinambour

1. Click Ctrl+Alt+Delete.
2. Pick Task Manager and select Processes.
3. Locate a process belonging to the Trojan.
4. Select it and click End Task.
5. Exit Task Manager.
6. Click Windows key+E.
7. Go to this folder: %LOCALAPPDATA%\VirtualStore
8. Look for a file named certcheck.exe (title could be random), right-click it and press Delete.
9. Navigate to: %TEMP%
10. Find a file called activator.exe, right-click it and choose Delete.
11. Locate these directories:
    C:\Windows\Tasks
    C:\Windows\System32\Tasks
12. Look for tasks that could belong to the malicious application, right-click it and choose Delete.
13. Exit File Explorer.
14. Empty your Recycle Bin.
15. Restart the computer. Download Removal Tool100% FREE spyware scan and
    tested removal of Topinambour*