Trojan:Win32/Reveton.A
Posted: December 28, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 37 |
| First Seen: | December 28, 2011 |
|---|---|
| OS(es) Affected: | Windows |
As a browser hijacker that's often accompanied by other types of Trojans, Trojan:Win32/Reveton.A can both control which websites you visit as well as create vulnerabilities that criminals may exploit to access your PC. Trojan:Win32/Reveton.A will launch itself without your permission and attempt to disguise part or all of its components as Windows processes and other types of friendly utilities. SpywareRemove.com malware researchers discourage any attempts to avoid Trojan:Win32/Reveton.A's browser redirects without actually removing Trojan:Win32/Reveton.A due to the possibility of these vulnerabilities, and suggest a scan with appropriate anti-malware software to find and delete Trojan:Win32/Reveton.A to put a stop to its attacks.
Why Trojan:Win32/Reveton.A Wants Control of Your Web Browser
Although Trojan:Win32/Reveton.A may also exhibit other symptoms and configure itself to make additional attacks, Trojan:Win32/Reveton.A's primary function is to grab your web browser and force it to ideal (for Trojan:Win32/Reveton.A's criminal partners) destinations. Common signs of a Trojan:Win32/Reveton.A infection can include:
- Being redirected to hostile websites that promote phishing attacks, rogue security programs or drive-by-download attacks that install PC threats without your permission. Discrepancies between phishing sites and legitimate sites may be minor, although scamware-promoting sites are more obvious than the former due to their blatant marketing of fraudulent software.
- Being prevented from loading PC security sites or anti-malware sites. SpywareRemove.com malware analysts note that Trojan:Win32/Reveton.A may redirect you away from such sites in an immediate fashion or display fake warning screens that incorrectly-imply that these sites are hostile.
- Poor computer performance due to Trojan:Win32/Reveton.A using your computer's resources to conduct DDoS attacks (traffic-flooding attacks that can crash websites).
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:file.dll
File name: file.dllSize: 3.29 MB (3296959 bytes)
MD5: c81c11bb1c8cc9935f97b726651e6902
Detection count: 41
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: January 3, 2012
file.dll
File name: file.dllSize: 949.51 KB (949515 bytes)
MD5: 48869fa2febf72300d1dfc5aa12177e7
Detection count: 40
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: January 3, 2012
file.dll
File name: file.dllSize: 186.36 KB (186368 bytes)
MD5: 3e0d782110b4393b6cfc3ade35c437b4
Detection count: 39
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: January 3, 2012
file.dll
File name: file.dllSize: 2.14 MB (2141790 bytes)
MD5: 4162ac6d6974ea2f8ed367519dc36531
Detection count: 38
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: January 3, 2012
file.dll
File name: file.dllSize: 2.07 MB (2071551 bytes)
MD5: 7947c9756270763c0b0e7f170e9d8bb8
Detection count: 33
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: January 3, 2012
%TEMP%\.exe
File name: %TEMP%\.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1?
I am looking for registry modifications on reveton with the fbi warning 1 that wants you to pay 100 dollars? any tips?