HIPS/RegMod-012 is a spyware-compromised version of Simurgh, an application that’s widely-used in the Middle Eastern for protecting sensitive online communications. There are some telltale signs of the HIPS/RegMod-012-infected version of Simurgh that can immediately identify HIPS/RegMod-012, but this ironic compromise of privacy is particularly relevant for Middle Eastern Simurgh users in Iran and Syria – who are wont to use this application for protecting transmissions that risk criticism of their local government. Like all kinds of spyware, HIPS/RegMod-012 should be removed by a suitable anti-malware product once HIPS/RegMod-012 is discovered, and SpywareRemove.com malware analysts especially recommend avoiding any Simurgh installation files that are acquired through disreputable sources (such as P2P torrenting clients or websites with histories of malicious software distribution).
HIPS/RegMod-012: an Ironic Spy That Hides in a Privacy-Enhancing Application
HIPS/RegMod-012 is of particular danger to Syrian PC users due to its widespread distribution that region although HIPS/RegMod-012 is perfectly capable of attacking Windows computers in other regions, as well. While legitimate versions of Simurgh (available through the appropriate website) explicitly avoid an installation process to enable the program’s easy usage in Internet cafes and similar venues, HIPS/RegMod-012-infected versions of Simurgh do use an installation process and as such, can be immediately recognized after the .exe file’s launch. Compromised versions of Simurgh that include HIPS/RegMod-012 are typically distributed as .zip files that include the executable, as opposed to just the .exe file itself.
SpywareRemove.com malware researchers also take great pleasure from noting that Simurgh’s development team is responsible for a secondary warning against HIPS/RegMod-012 attacks. While both infected and uninfected versions of Simurgh will open a web page to display the user’s IP address, HIPS/RegMod-012-infected Simurgh programs will display a second line: ‘Warning: Your Simurgh might be compromised’ in red text. Watching for either of these two symptoms should let you catch HIPS/RegMod-012 before HIPS/RegMod-012 can accomplish its goals, which consist of opening backdoor exploits on your PC and stealing personal information by a variety of means.
The Danger of HIPS/RegMod-012 at a Personal Level
HIPS/RegMod-012 may not have the grand intentions of industrial sabotage that the Flamer worm appears to aspire towards, but for normal Simurgh users, HIPS/RegMod-012′s aims are scarcely less terrible than a wiped scientist’s hard drive. Because HIPS/RegMod-012 includes both backdoor Trojan and spyware-based attacks in its capabilities, SpywareRemove.com malware experts warn to be ready any and all of the following possibilities in any HIPS/RegMod-012 infection:
- The creation of a backdoor vulnerability that allows a remote server to take over control of your PC. This exploit can also enable the installation of other PC threats or transfer or sensitive information.
- The presence of a fake lsass.exe file (which is normally a component of Windows) that allows HIPS/RegMod-012 to remain open at all times.
- Sound-related malfunctions; SpywareRemove.com malware researchers have found that HIPS/RegMod-012 will delete a Windows startup .wav file that’s shared by various programs, including IE.
- Multiple methods of stealing personal information, including keylogging attacks that record all keyboard input to a file that’s sent to the remote server as noted earlier.
HIPS/RegMod-012 Automatic Detection Tool (Recommended)
Is your PC infected with HIPS/RegMod-012? To safely & quickly detect HIPS/RegMod-012, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect HIPS/RegMod-012 What happens if HIPS/RegMod-012 does not let you open SpyHunter or blocks the Internet?
Posted: May 30, 2012 | By SpywareRemove
Threat Level: 9/10
Rate this article:
Detection Count: 169