Remove Revenge Trojan from Your PC

The Revenge Trojan is a dangerous weapon used against computer users worldwide. It infects mainly through infected software installers. Our article gives an overview of its behavior based on the collected samples and available reports, and it may also be helpful when attempting to remove the virus.

Threat Summary

Name: Revenge Trojan
Type: Trojan
Short description: The Revenge Trojan is a computer virus that is designed to silently infiltrate computer systems.
Symptoms: The victims may not experience any apparent symptoms of infection.
Distribution method: Software vulnerabilities, freeware installations, bundled packages, scripts and others.

Revenge Trojan – Distribution Methods

The Revenge Trojan has been spotted in a recent attack campaign. An unknown hacker collective is behind the ongoing attacks; at the moment there is no information about their identity. The captured samples were identified as malware delivered through one of the most common intrusion mechanisms: infected documents. The virus installation code is made part of macros that are embedded in the payload documents, which can be of any of the popular types: text documents, spreadsheets, presentations and databases. Once they are opened by the victim users, a prompt will appear asking the victims to enable the content. The window will usually state that this is required in order to view the files correctly.

What’s more dangerous is that other similar tactics can be employed as well. One of the common cases is when the hackers embed the virus installation instructions in software setup files. They target applications that are popularly downloaded by end users, such as system utilities, creativity suites, productivity and office applications and so on.

Both the virus files themselves and these two payload types are usually spread through methods that can infect thousands of users at once. There are several methods such as the following:

  • Spam email messages — The hackers can craft phishing emails that appear to be notifications sent by legitimate services. This is done by copying their design layout and text body contents. The fake phishing messages will link to the files through text links or interactive contents. Alternatively, the files can be directly attached to the messages.
  • Malicious websites — A related strategy is to create web pages that imitate legitimate services, download portals, landing pages and so on. They are hosted on similar-sounding domain names and in some cases use stolen or hacker-generated security certificates.
  • File-Sharing Sites — Both the standalone files and infected payloads are widely available on networks like BitTorrent where both legitimate and pirate content is freely shared across Internet users.
  • Browser hijackers — Dangerous web browser plugins can be made by the criminals that are compatible with the most popular web browsers and uploaded to the relevant repositories. They are accompanied by fake user reviews and stolen or hacker-made developer credentials in order to confuse the victims into thinking that the extension is safe. Their descriptions will promise the addition of new features or performance optimizations.

Other tactics can additionally be used in forthcoming attacks and upcoming versions of the Revenge Trojan.

Revenge Trojan – Detailed Description

The Revenge Trojan appears to be an original creation which doesn’t use any code snippets from previous threats. At the time of writing this article there is no information about the identity of the group behind the ongoing attacks. We presume that the threat is modular in nature and that various modules can be added to it.

The captured Revenge Trojan instance appears to launch a main engine which connects to a hacker-controlled server and allows the criminal operators to spy on the victims. Through this secure connection they have the ability to take over control of the affected machines, steal their data and carry out all sorts of malicious actions.

A PowerShell-based script is launched which allows all sorts of components to be added. Trojans such as this one usually include a certain set of common behavior patterns. They are the following:

  • Information retrieval — The engine can be programmed to extract sensitive information that can be used to generate a unique ID that is specific to each individual computer. This is done by an algorithm that takes its input parameters from data sets such as the parts list of the installed hardware components, user settings, regional preferences and other related metrics. The other dangerous mechanic used by Trojans is the exposure of personal information, which is done by programming the engine to look for strings that directly reveal the victims' identity. Common ones include their name, address, phone number, interests and any stored account credentials. If the Trojan interacts with the Windows Volume Manager it can also search the removable storage devices and available network shares. The obtained data sets can be used for various crimes including identity theft, blackmail and financial abuse.
  • Boot options modification — A popular mechanism that is made part of most Trojans, possibly including future Revenge Trojan variants, is the ability to modify the boot options and configuration files so that the threat starts automatically once the computer is powered on. This can also disable most manual user recovery guides as they depend on access to recovery boot menus.
  • Windows Registry modification — The Trojan module is capable of accessing the Registry records not only to create strings for itself but also to modify existing ones. If values that are used by the operating system are affected then the victim users will be unable to access certain services and may experience serious performance issues. Changes to strings used by third-party applications can lead to unexpected errors.
  • Removal of sensitive data — The engine can be programmed to locate and delete sensitive files, which can seriously disrupt the usual recovery procedure. This is done by targeting System Restore Points, backups, Shadow Volume Copies and so on. In this case the victims will need to use a combination of a professional-grade anti-spyware utility and a data recovery program.
  • Additional payload delivery — The Revenge Trojan can be instructed to insert other malicious threats on the compromised machines.

Future Revenge Trojan campaigns can be instructed to carry out other actions as configured by the hackers.
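As an added example (not part of the original article and not taken from any vendor tool), the Python sketch below tags process-creation records that match the generic behavior patterns listed above: a document application launching a script host, shadow copy deletion, recovery boot changes and Run-key persistence. The log records are constructed, and the command-line patterns are common defender heuristics assumed for illustration, not indicators extracted from Revenge Trojan samples.

```python
import re

# Constructed process-creation records: (parent image, child image, command line).
# They are illustrative and were not taken from Revenge Trojan samples.
SAMPLE_EVENTS = [
    ("WINWORD.EXE", "powershell.exe", "powershell.exe -NoProfile -WindowStyle Hidden -File stage.ps1"),
    ("explorer.exe", "WINWORD.EXE", "WINWORD.EXE /n report.docx"),
    ("powershell.exe", "vssadmin.exe", "vssadmin.exe delete shadows /all /quiet"),
    ("powershell.exe", "bcdedit.exe", "bcdedit.exe /set {default} recoveryenabled no"),
    ("powershell.exe", "reg.exe",
     r"reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d C:\Users\Public\u.exe"),
    ("services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "msaccess.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "cmd.exe"}

# Behavior name -> regex over the command line (generic heuristics, assumptions).
COMMAND_RULES = {
    "shadow_copy_deletion": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic\s+shadowcopy\s+delete", re.I),
    "recovery_boot_change": re.compile(r"bcdedit(\.exe)?\s+.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I),
    "run_key_persistence": re.compile(r"reg(\.exe)?\s+add\s+\S*\\CurrentVersion\\Run(Once)?\b", re.I),
}

def classify(parent, child, cmdline):
    """Return the sorted list of behavior tags that one record matches."""
    tags = set()
    # Macro-enabled document launching a script host (the "enable content" path).
    if parent.lower() in OFFICE_APPS and child.lower() in SCRIPT_HOSTS:
        tags.add("office_spawns_script_host")
    for name, pattern in COMMAND_RULES.items():
        if pattern.search(cmdline):
            tags.add(name)
    return sorted(tags)

def scan(events):
    """Return {index: tags} for every record with at least one match."""
    hits = {}
    for i, (parent, child, cmdline) in enumerate(events):
        tags = classify(parent, child, cmdline)
        if tags:
            hits[i] = tags
    return hits

if __name__ == "__main__":
    for idx, tags in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx][1], tags)
```

A match is a triage lead rather than proof of infection, since administrators and backup software can issue the same commands legitimately.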

Remove Revenge Trojan

If your computer has been infected with the Revenge Trojan, you should have some experience in removing malware. You should get rid of this Trojan as quickly as possible, before it has the chance to spread further and infect other computers. You should remove the Trojan by following the step-by-step instructions provided below.


To remove Revenge Trojan, follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Revenge Trojan files and objects
2. Find files created by Revenge Trojan on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with the SpyHunter Anti-Malware tool

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and intrusion mechanisms.
