Trojan.Kardphisher

Posted: July 11, 2011

Trojan.Kardphisher is a ransomware Trojan that pretends to be a Windows activation form. Like most types of ransomware, Trojan.Kardphisher will prevent you from using Windows until you've entered credit card information and other sensitive data. Although Trojan.Kardphisher claims that there is no fee to activate Windows, Trojan.Kardphisher will actually send this information to criminals for the dual purposes of identity theft and fraud. Instead of falling for Trojan.Kardphisher's scheme to unlock your computer, use an alternate boot method to access Windows and remove Trojan.Kardphisher with a high-quality anti-virus product.

Trojan.Kardphisher – An Unusually Convincing Ransom Instigator

Trojan.Kardphisher made its appearance in 2007 and has seen no updates since that time, but Trojan.Kardphisher is still considered a severe threat for any Windows PC. Aliases of Trojan.Kardphisher include TrojanSpy:Win32/Delf.T and TrojanSpy:Win32/Delf.Q, but despite these names, Trojan.Kardphisher has no currently known spyware properties such as keyloggers.

What Trojan.Kardphisher actually does to your computer, however, is more than bad enough – Trojan.Kardphisher will disable your Task Manager, remove your ability to switch programs and then reboot your PC into a fake Windows activation screen. There's no obvious way of bypassing this activation form, since 'No, I will do it later' will reboot your computer and return it to the very same activation screen.

These Trojan.Kardphisher attacks all use the Windows Registry to operate, and, therefore, may go unnoticed in most cases until they actually occur. The activation form itself mimics the normal Windows activation screen very well and may fool anyone who's not on their guard against a Trojan.Kardphisher attack.

Why Trojan.Kardphisher Really Wants Your Credit Card

The resulting 'activation' form isn't a real activation form, but it looks so convincing that there are no telltale signs that Trojan.Kardphisher's scam is, in fact, a scam. Even though Trojan.Kardphisher's activation screen tells you that you will not be charged for giving away your credit card information, following along with Trojan.Kardphisher's wishes will result in fraudulent credit card charges and potentially identity theft.

Trojan.Kardphisher infections are only announced by the presence of a single .dll file and the aforementioned Registry changes. Due to these limited symptoms, preventative self-defense against a Trojan.Kardphisher infection is more practical than trying to spot Trojan.Kardphisher before it locks your computer. Keep your firewall active, update your anti-virus software on a regular basis, and disable JavaScript and Flash for websites that you don't trust.

Although being infected by Trojan.Kardphisher may make it look as though there's no way to regain your computer without giving in to this phishing scam, Trojan.Kardphisher, like most Trojans, can be deleted with good anti-virus software and industry-standard techniques. Since Trojan.Kardphisher has no functions that would destroy or damage your computer, you can afford to be patient about finding the right method for deleting Trojan.Kardphisher.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 [PATH TO THE TROJAN]\keylog.dll

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\sft\c
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soft2
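
A defender-side check for the Registry values listed above, as an added example that is not part of the original page: it parses the text of a `reg export` file and reports which of the three named values are present. The sample export and its placeholder path are constructed, and treating the last path component as the value name is an assumption.

```python
import re

# Registry values listed on this page, as (key path, value name). Splitting off
# the last path component as the value name is an assumption (see lead-in).
INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\sft", "c"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
     r"\Policies\System", "DisableTaskMgr"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "soft2"),
]
KEY_RE = re.compile(r"^\[(?!-)(.+)\]$")               # [HKEY_...]; [-...] deletes a key
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data

def parse_reg_export(text):
    """Yield (key, value_name, raw_data) for each named value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(2)

def find_indicators(text):
    """Return the page's indicators found in the export (case-insensitive match)."""
    wanted = {(k.lower(), v.lower()) for k, v in INDICATORS}
    hits = []
    for key, name, data in parse_reg_export(text):
        if (key.lower(), name.lower()) not in wanted:
            continue
        # A DisableTaskMgr of 0 leaves Task Manager enabled, so it is not reported.
        if name.lower() == "disabletaskmgr" and re.fullmatch(r"dword:0+", data):
            continue
        hits.append((key, name, data))
    return hits

# Constructed sample export, not taken from a real infection.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"=hex(2):25,00,77,00,\
  69,00,00,00
"soft2"="C:\\placeholder\\path.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `find_indicators`. `DisableTaskMgr` can also be set by an administrator's policy, so a hit on that value alone is weaker evidence than `soft2` or `sft\c`.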