Attacks by the notorious “Pandemiya family” of trojan horses have increased lately and experts advise all users who have visited suspicious sites, opened unfamiliar mail attachments or have run into Trojans before, to check their computers for this specific Trojan. If a user has encountered a Trojan from the Pandemiya family now or in the past, there can be files that allow it to self-replicate.
|Type||Trojan Horse, Backdoor|
|Short Description||The Trojan’s aim is to steal personal data and credentials and may infect a compromised system with other malware.|
|Symptoms||The Trojan may delete, download and create files, restart the compromised computer and change different computer settings.|
|Distribution Method||Targeted Attacks, Email Attachments.|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by Trojan.Pandemiya|
|User Experience||Join our forum to discuss about the Pandemiya Trojan.|
Pandemiya Trojan – How Did I Get It?
There are a number of ways you could get infected with the “Pandemiya” Trojan horse. The most common distribution method is to install it manually as another program which is under the pretense that is useful. Thus, without knowing, you are getting the Trojan inserted into your system.
You might have been infected with the Trojan from a targeted attack by downloading an attachment from an electronic letter. Files that can be used to spread various threats such as the Pandemiya Trojan, more often than not, have these extensions: .bat, .exe, .vbs, .pif, .scr and other executable ones. The Trojan can restart your computer, so it can regenerate with each such triggered restart. You could also get infected via some plugin, extension, popup banner, or a site with malware on it.
Pandemiya Trojan – In Detail
Once the Trojan is executed, it creates the following files:
→C:\Documents and Settings\All Users\Application Data\[Random symbols].exe
Afterwards, the Trojan creates the following registry entries:
→• HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\Session Manager\AppCertDlls\”[Random symbols]” = “%System%\[ Random symbols].dll”
→• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[Random symbols]” = “C:\Documents and Settings\All Users\Application Data\[Random symbols].exe”
After those registry entries are created, the Pandemiya Trojan will be run with each start of Windows. With these modifications made, Firewall settings will also be changed. This allows the Trojan to open a backdoor on the compromised computer and then connect through it to any of the following remote locations:
After it is connected successfully to a remote location, the Trojan may then perform any of the following actions:
• Track processes
• Identify newly created processes
• Load new modules and plugins
• Steal information from Web forms
• Capture screenshots
• Restart the computer
• Gather cookies information
• Gather system information, such as the OS version and architecture
• Create and execute files
• Remove files and directories
• Download files
This proves that the Pandemiya Trojan horse has dangerous capabilities, including: setting a two-way backdoor to remote locations selected by a cyber-criminal; steal very sensitive and personal information from the targeted computer; restart the system, so it can self-replicate or do other malicious tasks!
Remove Pandemiya Trojan Completely
This Trojan can spy on you, access different sensitive information and over time, infect you with different kinds of malware. It may track your personal information and send that data to the hackers that created it, which can aid them to profit from it. In order to completely get rid of the Pandemiya Trojan horse from your computer, carefully follow the step-by-step removal guide provided down below!