W32/Dorkbot-AM
Posted: December 13, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 5/10 |
|---|---|
| Infected PCs: | 7 |
| First Seen: | December 13, 2011 |
|---|---|
| Last Seen: | December 10, 2019 |
| OS(es) Affected: | Windows |
W32/Dorkbot-AM is a backdoor Trojan that alters your Windows Registry to create security holes in both your web browser and in certain types of anti-malware programs. Instructions from command servers may configure W32/Dorkbot-AM to perform other attacks (such as DDoS-style flooding, browser hijacks or the installation of other PC threats), although even this baseline level of functionality should be considered a serious threat to your computer's safety. SpywareRemove.com malware experts note that recent W32/Dorkbot-AM distribution methods have focused on spam e-mail messages that purport to carry news about the death of Hugo Chavez; however, this news is fake and you should immediately-delete this e-mail whenever you see it in your mailbox. Detecting and removing W32/Dorkbot-AM is best accomplished via anti-malware products, since W32/Dorkbot-AM, like most backdoor Trojans, will conceal its files in non-obvious locations and try to evade deletion.
How W32/Dorkbot-AM Carries Tidings That May Catch You Off-Guard
As a member of the Dork bot family along with spambots like Win32/Dorkbot-D, W32/Dorkbot-AM installs itself via spam e-mail messages and thereafter attacks your PC in several ways while W32/Dorkbot-AM hides itself from sight. As of December 2011, W32/Dorkbot-AM's primary distribution method is through the usage of fake e-mail messages that announce the supposed death of Venezuela's president, Hugo Chavez. Since Chavez is, in fact, struggling with cancer and has had recent chemotherapy, this hoax can appear to be very realistic. The website that this e-mail links to also includes a very tempting blue-arrow-and-yellow-button graphic for its video download link. However, clicking this link will simply infect your PC with W32/Dorkbot-AM, which will proceed to run itself automatically and launch a range of attacks against your PC.
Users of Outlook Express should be particularly-wary of W32/Dorkbot-AM infections, since W32/Dorkbot-AM has been known to alter OE folders and may attempt to harvest address book-related information to collect additional targets for its spam e-mail attacks. Since W32/Dorkbot-AM was first identified as an individual PC threat as of early December 2011, SpywareRemove.com malware experts note that having all available updates for your anti-malware scanners is important for the accurate identification and deletion of a W32/Dorkbot-AM infection.
Adjusting to W32/Dorkbot-AM's Anti-Security Assault
In addition to its other functions, W32/Dorkbot-AM has also been found to change Registry settings for a variety of security programs. Some popular brands of anti-malware programs may malfunction during a W32/Dorkbot-AM infection, and W32/Dorkbot-AM will also reduce the security settings of Internet Explorer. Therefore, SpywareRemove.com malware analysts recommend that you use an alternate web browser if it's necessary to access websites until W32/Dorkbot-AM is removed.
Additionally, although W32/Dorkbot-AM does attempt to block certain brands of PC security products, W32/Dorkbot-AM's attacks are far from all-encompassing, and deletion of W32/Dorkbot-AM can be handled by any reputable anti-malware program that isn't on W32/Dorkbot-AM's blacklist. However, Safe Mode (which is available on all Windows platforms) or another means of deactivating W32/Dorkbot-AM's startup routine is recommended to keep W32/Dorkbot-AM from preventing its own deletion. W32/Dorkbot-AM is specific to Windows operating systems and is unable to harm a non-Windows computer in a direct fashion.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.