Crisis

Crisis Description

Crisis, also known as Morcut, is a rootkit that combines broadly applicable spyware functions, such as keylogging, with an impressively varied set of installation tactics. Unlike most rootkits, Crisis is fully functional in both Windows and Mac OS X environments, and it also includes installation routines for virtual machines and Windows-based mobile platforms. All variants of Crisis should be considered dangerous and highly invasive to your PC's privacy, since Crisis can install other PC threats, transfer confidential information to remote attackers or disable important security features. As of this writing, many PC security companies have developed adequate definitions for Crisis, and updated anti-malware products should be able to remove it, although SpywareRemove.com malware researchers prefer that you avoid falling for Crisis's installation scam (a fake Adobe update) in the first place.

Crisis: A Danger for Most OSes and Quite a Few of the Programs That Reside Within Them

Crisis's sordid story begins with a malicious JavaScript applet that pretends to be an update for Adobe software. PC users who trust this applet enough to install its proffered software will have their operating system detected, after which a suitable variant of Crisis is dropped on the PC. Along with the cross-platform compatibility that launched Crisis into minor infamy, Crisis also includes infection methods for virtual machines. This is a notable achievement, since most PC threats disable themselves in VM environments to avoid analysis by PC security companies.

After its installation, Crisis opens a backdoor that contacts a command-and-control (C&C) server. This allows criminals to exercise control over your PC and should be considered a high-level breach of your privacy and security. SpywareRemove.com malware analysts have also noted other Crisis functions that can be used to steal sensitive information or to further contaminate the infected computer, such as:

  • Monitoring text, voice and video communications from instant messaging programs like Skype and MSN Messenger.
  • Recording keyboard input and even mouse coordinates.
  • Taking screenshots.
  • Monitoring your webcam and microphone.
  • Tracking which websites are visited according to their web addresses.
  • Spying on address book entries.

How to Bring an End to This Crisis

Crisis uses rootkit techniques to conceal itself and accomplish many of its attacks, and SpywareRemove.com malware researchers recommend that you use suitably advanced anti-malware applications to detect and delete Crisis without further problems. While it is active, Crisis is unlikely to show any memory processes or files of its own, but it should be assumed to be running by default unless exceptional measures are taken to disable it. Booting your PC from a clean USB drive, if possible, is recommended.

However, care should be taken when introducing removable devices to a Crisis-infected PC. SpywareRemove.com malware experts have also noted that Crisis includes limited functions to copy itself to removable drives and automatically infect other computers that are exposed to these devices. You should avoid sharing USB drives and other such devices between a Crisis-infected computer and an uninfected system unless you've used anti-malware software to verify that the device is clean.


Posted: August 22, 2012
