Latest Updates
Win32/Dofoil
Posted by Roger Conroy on 21 May 2019 09:17 AM

On March 6, 2018, behavior monitoring and machine learning technologies in Windows Defender Antivirus stopped a Dofoil variant (also known as Smoke Loader) that tried to infect more than 400,000 computers. The massive campaign aimed to install a cryptocurrency miner that uses victim computers' resources for coin mining. Learn how artificial intelligence stopped the attack within minutes.

 

Threat Behavior:

When run, this trojan drops an executable file—a randomly named copy of itself—into the %LOCALAPPDATA% folder.

To stay persistent, it creates a variably named registry entry:

  • In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  • Sets value: <variable>
  • With data: <path of dropped executable file>

We have observed some samples of this trojan use value names taken from the Uninstall key in the registry. This disguises the trojan's Run entry as one created by a legitimately installed application.
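As an added example (not code from the original post or from Microsoft's write-up), the PowerShell script below audits the current user's Run key for the two traits described above: value data that launches from %LOCALAPPDATA%, or a value name that matches a subkey name or DisplayName under the standard Uninstall keys. Only standard Windows registry paths are used; the Test-RunEntry function is this example's own.

```powershell
# Added example, not the original post's code: audit HKCU Run entries for the
# Dofoil-style persistence described above (randomly named copy launched from
# %LOCALAPPDATA%, Run value name borrowed from the Uninstall key).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)
# Properties the registry provider adds to every Get-ItemProperty result; not values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Collect subkey names and DisplayName values from the Uninstall keys.
$uninstallNames = foreach ($key in $uninstallKeys) {
    if (Test-Path $key) {
        foreach ($sub in Get-ChildItem $key) {
            $sub.PSChildName
            (Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue).DisplayName
        }
    }
}
$uninstallNames = @($uninstallNames | Where-Object { $_ } | Sort-Object -Unique)
$localAppData = [Environment]::GetFolderPath('LocalApplicationData')

# Returns the list of reasons a Run value looks suspicious (empty if none).
function Test-RunEntry {
    param([string]$Name, [string]$Data)
    $reasons = @()
    if ($Data -like "*$localAppData*" -or $Data -like '*%LOCALAPPDATA%*') {
        $reasons += 'launches from %LOCALAPPDATA%'
    }
    if ($uninstallNames -contains $Name) {
        $reasons += 'value name matches an Uninstall key entry'
    }
    return $reasons
}

if (Test-Path $runKey) {
    $entries = Get-ItemProperty -Path $runKey
    foreach ($prop in $entries.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $reasons = @(Test-RunEntry -Name $prop.Name -Data ([string]$prop.Value))
        if ($reasons.Count -gt 0) {
            [PSCustomObject]@{ Name = $prop.Name; Data = $prop.Value; Reason = ($reasons -join '; ') }
        }
    }
}
```

A match is a lead to review, not proof of infection: some legitimate updaters also start from %LOCALAPPDATA%, so compare the flagged path and its signature against the software you actually installed before deleting anything.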

 

Arrival Details

This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This worm drops the following files:

  • {Removable Drive}:\.lnk

It drops the following copies of itself into the affected system:

  • %User Startup%\win{random}.exe
  • %Common Startup%\win{random}.exe
  • %Windows%\{Random Numbers}\winsvcs.exe
  • %Windows%\{Random Numbers}\windrconfig.exe
  • %User Temp%\{Random Numbers}.exe
  • %Program Data%\{Random}\windrvconfig.exe

 

Solution:

Step 1

Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.

Step 2

Note that not all of the files, folders, and registry keys and entries listed here are necessarily installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.

Step 3

Delete this registry value

 

URL:

https://www.securityweek.com/microsoft-detects-massive-dofoil-attack

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/worm.win32.dofoil.aa

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Dofoil.AB

 

 


Mac.BackDoor.Siggen.20
Posted by Roger Conroy on 13 May 2019 12:19 PM

 

What is "Mac.BackDoor.Siggen.20"?

Specialists at the Russian company Dr.Web found malicious software that threatens the macOS operating system. Mac.BackDoor.Siggen.20 is the name of a malicious program designed to operate as a backdoor that downloads malicious code from a remote server and then executes the malicious Python code. This malware can be installed on both macOS and Windows operating systems. The variant designed to infect Windows is named BackDoor.Wirenet.517.

 

Among the ill effects of Mac.BackDoor.Siggen.20, it can add malicious code or payloads to the registry editor, which lets the threat execute automatically after every boot of the PC. To annoy users during their important work, it will restart your system at certain intervals and hamper your tasks. It also has the capability to decrease the performance of various system functions by creating fake processes in the task manager. Besides this, it can monitor your online transactions and secretly record sensitive data. Additionally, it can share your details with cyber crooks to harm your personal identity. What's more, this threat is also responsible for corruption of data, changes to default settings, system freezing, etc. Thus, you need to remove the Mac.BackDoor.Siggen.20 virus completely from your PC without any further delay.

 

Harmful Effects of Mac.BackDoor.Siggen.20 Virus

Once installed on your computer, the Mac.BackDoor.Siggen.20 virus can lead to major damage. It can brutally mess up your system and destroy your entire computer. Some of the most common and visible effects of this nasty virus are:

  • The Mac.BackDoor.Siggen.20 virus can silently intrude into your computer without permission.
  • It can destroy your system programs, files, software, etc.
  • It will disable your anti-virus and firewall security programs.
  • The Mac.BackDoor.Siggen.20 virus can also bring similar threats, spyware, and malware onto your computer.
  • It blocks important features like Control Panel, Registry Editor, Task Manager and many more.
  • It creates new registry keys so that it starts automatically on your system.
  • It steals your personal and financial information and sends it to hackers.
  • It creates a backdoor on your PC to allow hackers to remotely access your PC.

Fig: Summary of the threat.

 

Removal steps for Mac.Backdoor.Siggen.20

To remove Mac.BackDoor.Siggen.20 from your infected computer, you have to completely remove all the hidden files and leftovers associated with this infection. Keep in mind that it may have distributed its copies to different locations on your system under different names. It could be quite time-consuming to detect those files manually, so you can try an automatic malware scanner to see if it can detect those threats for you. Before starting the removal process, users must know that the manual option is quite tricky and time-consuming; hence users will need essential technical expertise in order to remove Mac.BackDoor.Siggen.20 using the manual method. Moreover, any kind of mistake or technical complication will land users in even worse circumstances and can make your system completely unusable. However, if you have good technical skills, then follow the methods below carefully in order to get rid of Mac.BackDoor.Siggen.20 manually from your Windows PC. Manual detection can take a lot of time, and there is also a high probability that you will delete the wrong files, which can damage your system. Therefore, FOR THE SAFETY OF YOUR SYSTEM, we highly recommend that you choose Spy Hunter's automatic malware scanner to see if it can detect this infection on your computer. You can download the trial version of the software to scan your computer. Only if the software detects the Mac.BackDoor.Siggen.20 infection on your system should you purchase the license to remove the detected threats from your system.

 

 

 

Related Links:

https://www.ehackingnews.com/2019/05/russian-antivirus-company-drweb-found.html

https://www.pcmalwarerepair.com/how-to-remove-mac-backdoor-siggen-20-virus-from-pc

https://www.removeallvirus.com/delete-mac-backdoor-siggen-20-virus-from-infected-pc

http://www.virus4remove.com/remove-mac-backdoor-siggen-20/

https://www.pcrisk.com/removal-guides/15006-mac-backdoor-siggen-20-virus-mac

https://www.uninstallallpcvirus.com/how-to-remove-mac-backdoor-siggen-20-virus-from-pc


Infostealer.Predapa!gm
Posted by Roger Conroy on 10 May 2019 09:56 AM

Trojan Horse Infostealer.Predapa!gm is a dreadful Trojan pest skilled at degrading your PC's overall performance by planting malicious files on your PC to overthrow the PC's security system, so as to make your PC an easy target for hackers. Once it has successfully infiltrated your PC, you will be frustrated by the following serious hazards: your PC becomes slower than before and experiences more crashes; important data, files and information are deleted by the virus; the registry entries are messed up and the PC then runs into lots of errors; your web browser's settings are changed and your homepage may be redirected to dangerous websites; many high-level threats such as spyware or rootkits are downloaded onto your PC without your permission, imperiling your system and network environment with high risks, etc. What's worse, Trojan Horse Infostealer.Predapa!gm can disable your firewall and antivirus to defend itself. Many computer users would instinctively turn to their existing antivirus or even open their purse to buy one, but in the end they fail in frustration. In reality, there is no perfect anti-virus program that can solve everything, because many viruses are created each day and it takes time for anti-virus software to produce solutions for the latest viruses. On the other hand, Trojan Horse Infostealer.Predapa!gm adds new characteristics all the time, so it can't be completely detected by any antivirus, or it can even disable the antivirus. Hence, professional manual removal is needed to effectively get rid of this virus. Below is the manual approach to Trojan Horse Infostealer.Predapa!gm deletion.

Manual removal steps:

For Windows:

  1. Remove Infostealer.Predapa!gm from Chrome/Firefox/IE/Edge
  2. Delete applications or software related to Infostealer.Predapa!gm
  3. Find and delete malicious files generated by Infostealer.Predapa!gm in the paths listed below:
     • %Temp%\[malware name]
     • %AppData%\[malware name]
     • %LocalAppData%\[malware name]
     • %LocalAppData%\[malware name].exe
     • %CommonAppData%\[malware name]
     • %AllUsersProfile%random.exe
  4. Remove dangerous registry entries added by Infostealer.Predapa!gm

For Mac OS:

  1. Uninstall the malicious app from Mac OS
  2. Delete unwanted extensions from your Safari browser
  3. In case the manual steps above cannot remove Infostealer.Predapa!gm from the Mac, it is recommended to install a professional malware remover for Mac and scan the entire system to check whether any hidden virus files remain

 

URL:

https://computerprotectionpro.com/removal-guide-infostealer-predapagm-removal-instructions-delete-infostealer-predapagm-effectively/

https://www.pcviruscare.com/blog/remove-infostealer-predapagm-from-pcs

https://www.symantec.com/security-center/writeup/2019-050207-3716-99#removal

 

 


BoxBe Adware
Posted by Roger Conroy on 29 April 2019 04:40 PM

BoxBe is adware, classified as a potentially unwanted program (PUP). BoxBe enters your PC by means of bundling, which means it is bound to a third-party application. When it sneaks into your browser, you are unable to notice it. Then it silently exerts a bad influence on your browsers and PC as well. What are the results of having BoxBe on your system?

On the one hand, BoxBe will damage your PC and the whole system. It starts to release numerous ads on your PC so that you open target sites, get infected with viruses or download freeware. A virus is one of the fatal bugs on a PC and its system, including Windows XP, Windows 7, Windows 8, Vista, Linux, and so on, and it will destroy it totally. The accumulated freeware will use up your PC's resources. In this way, your PC and system will be screwed over, and the data could not be recovered even when the system is reinstalled.

On the other hand, BoxBe is able to carry out scams to make you lose money. It does all this for lawbreakers by harvesting your data and private information. When you are chatting, it steals the topics; when you are shopping, it robs the accounts; and all of this is done without consent. When you find you are short of money, it is too late to look for the trouble.

Impact:

  1. It alters your browser settings and prevents you from changing them back
  2. It modifies the DNS configuration and blocks you from accessing most legitimate websites
  3. It may communicate with a remote server to silently install more malware on your computer
  4. It messes up your Registry and strikingly degrades your computer's performance
  5. It installs a malicious browser extension to generate annoying pop-ups
  6. It redirects you to phishing sites which may steal your private information
  7. It facilitates remote hackers invading your system without permission

 

Removal guide:

Step 1 – Uninstall unwanted, unknown and suspicious programs from Control Panel

  1. Press the Windows key + R key together to open the Run window
  2. Type "control panel" in the Run window and hit the Enter key to open Control Panel
  3. Click "Uninstall a program"
  4. Select the unwanted program and click "Uninstall"

Step 2 – Remove unwanted, unknown and suspicious extensions from Chrome, Firefox, IE and Microsoft Edge.

Step 3 – Delete malicious entries from the Registry.

  1. Press the Windows key + R key together to open the Run window
  2. Type "regedit" in the Run window and hit the Enter key to open the Registry Editor
  3. Press the Ctrl + F keys together to open the Find box, type the virus's name into it and click Find Next
  4. Delete the entries that are found

Welcome to the CloudAccess Support Help Desk
Posted by Roger Conroy on 15 October 2015 02:26 PM

Please register to create your account or login using your email address in the box to the left to access the support help desk.


© 2015 Cloud Access, All Rights Reserved