'COVID-19.exe' Wiper

Posted: April 2, 2020

'COVID-19.exe' Wiper Description

The 'COVID-19.exe' Wiper is a file-wiping Trojan that can destroy the PC's Master Boot Record or MBR. This attack prevents the operating system from booting and may damage other files on the computer. Users should have anti-malware utilities remove the 'COVID-19.exe' Wiper as soon as any symptoms of infection appear and use appropriate MBR repair tools as necessary.

A Diseased Problem Mutates into a More Destructive Form

In the recent past, malware analysts found evidence of Trojans with data-blocking features, like the CoronaVirus Ransomware, and screen-locking ones, like CovidLock Ransomware. However, even these threats pale in comparison to the most invasive data-targeting threats: file-wiping Trojans. These saboteurs, as per Shamoon and Dustman, often are parts of a coverup of hackings versus sensitive business entities. The 'COVID-19.exe' Wiper, by contrast, might be a bad joke.

The 'COVID-19.exe' Wiper keeps users from accessing their PCs by sabotaging an integral startup component, the MBR or Master Boot Record. The Windows program launches the attack in two phases, both carrying visual elements for any observing victims:

• Stage one disables the Task Manager for preventing users from terminating the Trojan by its memory processes. It also launches a distracting, non-closing pop-up with a Coronavirus theme. In the background, the Trojan proceeds with rewriting the Master Boot Record.

• Afterward, the 'COVID-19.exe' Wiper forces a system restart. Since the PC loads the 'new' MBR, it doesn't launch Windows, but instead, shows a warning screen by the Trojan's supposed author, 'Angel Castillo.'

Depending on how aggressively the 'COVID-19.exe' Wiper rewrites the MBR data, it also may render the compute inoperable permanently and instigate widespread file loss.

A Fighting Chance against Evolving Data Plagues

Malware researchers classify the 'COVID-19.exe' Wiper as one of the less-professional file-wiping Trojans in the wild currently, unlike the samples deploying in intelligence and spying operations. Users have a chance of repairing their PCs and restoring any damaged data through advanced, MBR-specific recovery utilities. The availability of an emergency boot-up device, such as a detachable USB stick, also is helpful against file-wiping Trojans and other threats, such as RATs and the notorious Jigsaw Ransomware.

Many threats of this classification use e-mail phishing lures or watering-hole-compromised Web traffic for installation exploits. In the case of the 'COVID-19.exe' Wiper, malware experts suspect less sophisticated possibilities, including torrents and corrupted advertisements. It also is possible that the 'COVID-19.exe' Wiper will carry its virus theme into its installation scam through fake websites, just like the 'Get Corona Safety Mask' Scam.

Active, Windows-compatible anti-malware products should block the 'COVID-19.exe' Wiper and remove this Trojan before it damages the MBR. Guarantees of full data recovery after infections happen are, unfortunately, impossible.

The 'COVID-19.exe' Wiper isn't a good joke, but punchlines often spring forth from tragedy. The ease of turning a disease into an OS dismantler makes it as clear as ever that people need to protect their data along with their bodies.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to 'COVID-19.exe' Wiper may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Malware 'COVID-19.exe' Wiper

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.