Dermon
Dermon is a dangerous trojan with rich set of malicious functions. It runs on every Windows startup and secretly works in background. Dermon logs all keystrokes, steals user critical passwords and e-mail account details, collects computer information. It records all this data into a file and sends it to the attacker. Dermon runs hidden proxy service, terminates active firewall and antivirus processes, downloads and installs files from the Internet. It alters the registry to set Internet Explorer as the default web browser. It also may give the attacker remote unauthorized access to a compromised computer. Dermon activity severely decreases overall computer performance and Internet connection speed.
File System Modifications
- The following files were created in the system:
# File Name 1 winserv.dat 2 winserv.dll 3 winserv.ini 4 winserv32.dll 5 winserver.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunwin32systemserver=%System%winserver.exeHKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServiceswin32systemserver=%System%winserver.exeHKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunwin32systemserver=%System%winserver.exe
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.