Raidys
Raidys is a trojan that steals valuable user information, logs keystrokes and gives the attacker unauthorized remote access to a compromised PC. Raidys overwrites critical computer files with copies of itself and modifies the registry so that it is started on every Windows startup. It places infected files into the C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32 directories. It also uses a special technique to hide its active processes and prevent the Windows OS and some firewall applications from detecting the threat. Raidys monitors user activity on the Internet and records any data that the user enters into password or login forms on many web sites. It sends the gathered data to a malicious server on the Internet. Raidys is very difficult to detect, so consider using advanced anti-malware and antivirus software.
File System Modifications
- The following files were created in the system:
  1. ctfmon.exe
  2. raid.sys
  3. sfc_os.dll
  4. twain.ini
  5. userinit.exe
  6. win_rar.dll
Registry Modifications
- The following registry values were created:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe=%system%\ctfmon.exe
  HKEY_LOCAL_MACHINE\SOFTWARE\vr=ok