
'COVID-19.exe' Wiper

Posted: April 2, 2020

The 'COVID-19.exe' Wiper is a file-wiping Trojan that can destroy the PC's Master Boot Record or MBR. This attack prevents the operating system from booting and may damage other files on the computer. Users should have anti-malware utilities remove the 'COVID-19.exe' Wiper as soon as any symptoms of infection appear and use appropriate MBR repair tools as necessary.

A Diseased Problem Mutates into a More Destructive Form

In the recent past, malware analysts found evidence of Trojans with data-blocking features, like the CoronaVirus Ransomware, and screen-locking ones, like CovidLock Ransomware. However, even these threats pale in comparison to the most invasive data-targeting threats: file-wiping Trojans. These saboteurs, as with Shamoon and Dustman, are often part of covering up intrusions against sensitive business entities. The 'COVID-19.exe' Wiper, by contrast, might be a bad joke.

The 'COVID-19.exe' Wiper keeps users from accessing their PCs by sabotaging an integral startup component, the MBR or Master Boot Record. The Windows program launches the attack in two phases, both carrying visual elements for any observing victims:

• Stage one disables the Task Manager to prevent users from terminating the Trojan's running process. It also launches a distracting, non-closing pop-up with a Coronavirus theme. In the background, the Trojan proceeds to rewrite the Master Boot Record.

• Afterward, the 'COVID-19.exe' Wiper forces a system restart. Since the PC loads the 'new' MBR, it doesn't launch Windows but instead shows a warning screen from the Trojan's supposed author, 'Angel Castillo.'

Depending on how aggressively the 'COVID-19.exe' Wiper rewrites the MBR data, it also may render the computer permanently inoperable and instigate widespread file loss.

A Fighting Chance against Evolving Data Plagues

Malware researchers classify the 'COVID-19.exe' Wiper as one of the less-professional file-wiping Trojans currently in the wild, unlike the samples deployed in intelligence and spying operations. Users have a chance of repairing their PCs and restoring any damaged data through advanced, MBR-specific recovery utilities. The availability of an emergency boot-up device, such as a detachable USB stick, also is helpful against file-wiping Trojans and other threats, such as RATs and the notorious Jigsaw Ransomware.
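As an added illustration (not part of the original article and not derived from the Trojan's code), the Python example below triages a saved copy of a disk's first sector to tell whether only the boot code or also the partition table was overwritten, which decides how much repair work is needed. It assumes the standard 512-byte MBR layout; the names `triage_mbr` and `make_sector` and all sample sectors are constructed for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # bytes 0-445 hold boot code; the table follows
SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR


def triage_mbr(sector):
    """Classify a 512-byte first-sector image by what survived in it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    valid, garbage = [], 0
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        if raw == bytes(16):
            continue  # unused slot
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if status in (0x00, 0x80) and ptype and start and count:
            valid.append({"type": ptype, "start_lba": start, "sectors": count})
        else:
            garbage += 1
    # Entries must not overlap each other on a sane disk.
    valid.sort(key=lambda p: p["start_lba"])
    overlap = any(a["start_lba"] + a["sectors"] > b["start_lba"]
                  for a, b in zip(valid, valid[1:]))
    if sector[510:512] == SIGNATURE and valid and not garbage and not overlap:
        verdict = "table-intact"      # only the boot code needs repair
    elif valid and not overlap:
        verdict = "table-partial"     # verify entries before trusting them
    else:
        verdict = "table-destroyed"   # rebuild by scanning for file systems
    return {"verdict": verdict, "partitions": valid,
            "boot_code_sha256": hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest()}


def make_sector(boot_code, entries, signature=SIGNATURE):
    """Build a constructed test sector (sample data, not from a real disk)."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return (boot_code.ljust(TABLE_OFFSET, b"\x00")
            + table.ljust(64, b"\x00") + signature)


# Constructed samples: a clean disk, one with only the boot code replaced,
# and one where the whole sector was filled with a repeating pattern.
ENTRY = (0x80, 0x07, 2048, 1_000_000)
CLEAN = make_sector(b"\xfa\x33\xc0", [ENTRY])
BOOT_ONLY = make_sector(b"replaced boot code", [ENTRY])
FULL_WIPE = b"\x58" * SECTOR_SIZE
```

On GPT disks the first sector is a protective MBR with a single type 0xEE entry, so an intact verdict there says nothing about the GPT header and partition array stored in the following sectors.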

Many threats of this classification use e-mail phishing lures or watering-hole website compromises to deliver installation exploits. In the case of the 'COVID-19.exe' Wiper, malware experts suspect less sophisticated possibilities, including torrents and corrupted advertisements. It also is possible that the 'COVID-19.exe' Wiper will carry its virus theme into its installation scam through fake websites, just like the 'Get Corona Safety Mask' Scam.

Active, Windows-compatible anti-malware products should block the 'COVID-19.exe' Wiper and remove this Trojan before it damages the MBR. Unfortunately, full data recovery after an infection cannot be guaranteed.

The 'COVID-19.exe' Wiper isn't a good joke, but punchlines often spring forth from tragedy. The ease of turning a disease into an OS dismantler makes it as clear as ever that people need to protect their data along with their bodies.
