
Trojan.Wdfload

Posted: January 17, 2017

Threat Metric

Ranking: 8,110
Threat Level: 8/10
Infected PCs: 30,091
First Seen: January 17, 2017
Last Seen: September 24, 2023
OS(es) Affected: Windows


Trojan.Wdfload (also known by aliases such as CertLock or Ceram) is a Trojan that blocks you from using specific brands of anti-virus scanners and related security software. The threat is specific to Windows; on affected systems, it prevents users from analyzing the presence of other threatening software on their PCs or from implementing a disinfection strategy. Use standard security protocols and, if necessary, specialized utilities to disable this Trojan before removing Trojan.Wdfload with the anti-malware program of your choosing.

The Anti-Anti-Virus Starts Making Waves

It's not new for threatening software to take various actions in 'self-defense' of its attacks. For one example, readers might recall the ability of some versions of Hidden Tear to disable the Task Manager and other tools that are useful for analyzing system problems. Usually, however, these attacks are only one part of a Trojan's payload. With Trojan.Wdfload, the entire payload is customized to serve as an 'anti' to any onboard anti-virus.

Trojan.Wdfload is also commonly referred to by the name CertLock, which comes from one of its most essential features: disabling software-authenticating certificates. It revokes the certificates of programs associated with significant AV and security brands, and the attack covers both installers and any already-installed products. Malware experts do note that such attacks are immediately detectable to any user trying to open one of the blocked applications, since Windows throws standardized errors.

Interestingly, while many threat actors would stop at the above feature, Trojan.Wdfload also includes a second, fallback method of blocking software. For the moment, malware experts can verify the secondary attack, which hijacks the HOSTS file to block the relevant servers, in deployments against Avast-brand products. HOSTS edits are more commonly used to redirect the victim's Web browser to a corrupted website or to intercept confidential information, such as passwords.
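To illustrate the HOSTS-file fallback described above, here is an added detection example (written for this page, not code from the original article or from the Trojan itself) that scans a hosts file for security-vendor domains pointed at loopback or null addresses; the sample hosts content and the watchlist entries beyond avast.com are constructed assumptions.

```python
"""Flag hosts-file lines that sinkhole security-vendor domains (added example).
Trojan.Wdfload's fallback edits the Windows hosts file to block AV servers;
this detector reports any watched vendor name mapped to a loopback/null address."""
import ipaddress

# 'avast.com' is the brand named on the page; the rest are an assumed
# watchlist a defender would maintain for the AV products they deploy.
WATCHED_DOMAINS = ("avast.com", "avg.com", "malwarebytes.com", "eset.com")

# Addresses that make a name unreachable rather than redirect it.
SINKHOLE_NETS = tuple(ipaddress.ip_network(n) for n in ("127.0.0.0/8", "0.0.0.0/32", "::1/128"))

def parse_hosts(text):
    """Yield (address, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for host in fields[1:]:  # one address may map to several names
            yield fields[0], host.lower().rstrip(".")

def is_sinkhole(address):
    """True if the address is loopback or null, i.e. the name is being blocked."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return any(ip in net for net in SINKHOLE_NETS)

def find_blocked_vendors(text, watched=WATCHED_DOMAINS):
    """Return [(address, hostname)] where a watched domain or subdomain is sinkholed."""
    return [(address, host) for address, host in parse_hosts(text)
            if is_sinkhole(address)
            and any(host == d or host.endswith("." + d) for d in watched)]

# Constructed sample hosts file (not a real capture) for demonstration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         www.avast.com files.avast.com   # injected entry
127.0.0.1       update.avast.com
93.184.216.34   example.com
"""

if __name__ == "__main__":
    # On a live Windows host, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for address, host in find_blocked_vendors(SAMPLE_HOSTS):
        print(f"sinkholed vendor host: {host} -> {address}")
```

Entries that redirect a vendor name to a routable address are not reported by this check; it targets the blocking behaviour the article describes.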

Keeping the Ante on Anti-Software from Climbing Too High

Trojan.Wdfload is a significant threat for its supportive role, which helps keep your computer vulnerable to attacks over a prolonged time. Bundles that install Trojan.Wdfload currently propagate Bitcoin-mining Trojans as well, which can cause hardware damage and degrade your system's performance. The PC security sector is providing free tools customized for removing the Registry-based blockade on the software certificates. As more thorough alternatives, the user can reboot through a method that avoids loading the compromised Registry, or repair Windows.

Although Trojan.Wdfload's only role is disabling specialized applications, it enables a much wider variety of threatening software than itself and never should be assumed to be alone. Threat actors have been deploying this Trojan since May of 2017 through various infection vectors, and any security programs should be updated with threat databases from that time onward. Having active anti-malware defenses remains integral to deleting Trojan.Wdfload beforehand, when possible.

Trojan.Wdfload sharply exemplifies the arms race between the con artists who deploy threatening software and the security researchers who try to stop them. As counterattack-based 'defenses' for Trojans continue mounting up, the value of preventing computer problems, instead of fixing them afterward, continues rising with them.

Technical Details

File System Modifications


The following files were created in the system:

%TEMP%\j0gokrsm.3k2\webfriend2.exe
File name: webfriend2.exe
Size: 1.3 MB (1307821 bytes)
MD5: 5d7ec0baaa26f766d88fec4af2d1257c
Detection count: 115
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\j0gokrsm.3k2
Group: Malware file
Last Updated: November 3, 2017

%TEMP%\4ca1ifi3.nyz\webfriend2.exe
File name: webfriend2.exe
Size: 1.31 MB (1312862 bytes)
MD5: 6a805384ec05737af818e4786be04fb6
Detection count: 84
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\4ca1ifi3.nyz
Group: Malware file
Last Updated: November 3, 2017

%TEMP%\0bpct1lz.yat\webfriend2.exe
File name: webfriend2.exe
Size: 1.34 MB (1344075 bytes)
MD5: f4f8bd68427f60b8186b00b7fc94cadf
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\0bpct1lz.yat
Group: Malware file
Last Updated: November 3, 2017

%TEMP%\ffdhbwqn.5mi\webfriend2.exe
File name: webfriend2.exe
Size: 1.32 MB (1323653 bytes)
MD5: d36be2a7a50e76b9bb826a776ec9f5fd
Detection count: 35
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\ffdhbwqn.5mi
Group: Malware file
Last Updated: November 3, 2017

C:\Users\<username>\AppData\Local\Temp\g7789.tmp.exe
File name: g7789.tmp.exe
Size: 249.34 KB (249344 bytes)
MD5: 766d5232cde530be672cdfd713c43596
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\g7789.tmp.exe
Group: Malware file
Last Updated: November 2, 2021

%TEMP%\13dnia1g.u2d\webfriend2.exe
File name: webfriend2.exe
Size: 1.34 MB (1341233 bytes)
MD5: a2e511ee4e61a87b0055ef1885e059a5
Detection count: 19
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\13dnia1g.u2d
Group: Malware file
Last Updated: November 3, 2017

%TEMP%\qpbzqedg.dpa\webfriend2.exe
File name: webfriend2.exe
Size: 1.32 MB (1325792 bytes)
MD5: a0d6bcc2af34b9fa68bb4abe22485756
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\qpbzqedg.dpa
Group: Malware file
Last Updated: November 3, 2017

%PROGRAMFILES%\woolmyturboreport\woolmyturboreport.dll
File name: woolmyturboreport.dll
Size: 2.24 MB (2246144 bytes)
MD5: 19e65228e04ad751ea81b9e7bdfee369
Detection count: 9
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\woolmyturboreport\woolmyturboreport.dll
Group: Malware file
Last Updated: June 26, 2020

%TEMP%\5xd1ynrj.dpj\webfriend2.exe
File name: webfriend2.exe
Size: 1.31 MB (1311389 bytes)
MD5: 561af8e9b994a14402e5b232ab7759ba
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\5xd1ynrj.dpj
Group: Malware file
Last Updated: November 3, 2017

Registry Modifications

The following Registry values were newly created:

Regexp file mask: %PROGRAMFILES%\NetPhotos\NetPhotos.dll

Additional Information

The following directories were created:

%PROGRAMFILES%\SQL Keystable
%PROGRAMFILES(x86)%\SQL Keystable