
Win32/Redyms

Posted: March 19, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 9
First Seen: March 19, 2013
Last Seen: March 26, 2020
OS(es) Affected: Windows

Win32/Redyms is a family of browser hijackers that changes the results of several search engines for the purposes of promoting malicious sites and/or advertisements. Win32/Redyms infections usually are caused by drive-by-download attacks from hacked or hostile websites, and frequently employ specialized Trojan droppers (based on the Power Loader bot-building kit) that install Win32/Redyms automatically. Because Win32/Redyms injects its code into the processes of other programs, SpywareRemove.com malware researchers heartily recommend using appropriate anti-malware tools whenever you need to remove Win32/Redyms, although avoiding sites capable of infecting your PC with Win32/Redyms is, naturally, even better than that.

When Good Searches Go Wrong with Some 'Help' from Win32/Redyms

Win32/Redyms is a specialized PC threat that's designed for redirecting your web searches towards sites that are profitable for Win32/Redyms's criminal developers. Such sites may include malware-hosting sites, sites that engage in online attacks (such as phishing for personal information) or simple advertising rings. SpywareRemove.com malware experts have recognized various culprits that are engaged in distributing Win32/Redyms to new computers, including:

  • Fake Adobe Flash updates. These fraudulent updates pretend to detect an outdated version of Flash on your computer and then proceed to install Win32/Redyms instead of a new version of Flash. PC users who only download their updates from trusted sources should be at minimal risk from this obvious attack.
  • Drive-by downloads that use the Blackhole Exploit Kit or other exploit kits. Unlike the first installation attack, this one can install Win32/Redyms automatically and without your permission. Websites with poor security that have been hacked and, consequently, forced to host code for exploit kits are the most likely source of infection by this method.
  • Finally, Win32/Redyms has also been found to use Trojan droppers that specialize in installing variants of Win32/Redyms. These Trojan droppers, based on the same Trojan-creating kit as the Gapz family's droppers, may be launched either automatically or manually.

Win32/Redyms's redirects are based on system changes that can affect all web browsers, regardless of their brand or their security settings. However, SpywareRemove.com malware experts note that only certain specific and popular search engines may be affected by Win32/Redyms's hijacks, such as Google, Bing, Alexa, Ask.com, AOL Search, Yahoo Search and Yandex.

The Trouble with Washing the Redyms Out of Your Browser

Similar to a banking Trojan but with less spyware-based intentions, Win32/Redyms also uses a code injection attack. This attack allows Win32/Redyms to insert itself into every running process. However, only your web browsers will be affected by the additional Win32/Redyms functions that were noted earlier in this article. As a result, you should assume that Win32/Redyms is active at all times until your anti-malware software can determine otherwise.

Anti-malware products can remove Win32/Redyms from your computer with the least chance of harming any innocent files or programs on your PC. Since Win32/Redyms was only identified late in 2012, SpywareRemove.com malware analysts also suggest updating any anti-malware programs that you plan to use.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: file.exe
Size: 135.16 KB (135168 bytes)
MD5: f4a4f984cdd2687d5d9b741f74cc60a5
Detection count: 66
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 20, 2013

File name: file.exe
Size: 135.16 KB (135168 bytes)
MD5: b513c1cd1f6cb11b39276b5eb61877e2
Detection count: 64
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 20, 2013

File name: file.exe
Size: 135.16 KB (135168 bytes)
MD5: a647dcd2f7d5d60b4e96c21aa2af1939
Detection count: 63
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 20, 2013

File name: file.exe
Size: 114.68 KB (114688 bytes)
MD5: 685250a844ffda0bd522ef4a3e1fae6e
Detection count: 32
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 20, 2013
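The file list above gives two indicators per sample, a byte size and an MD5 hash, which is enough for an offline sweep of a disk image or a suspect directory. The script below is an added example written for this page and is not SpywareRemove.com's tooling: it copies only the four hashes and their sizes from the list, uses the size as a cheap pre-filter so that most files are never read, and hashes only the size matches. The `scan_tree` and `Match` names, the directory layout and the `iocs` parameter are assumptions of the example; the sample file built in the test is constructed data.

```python
"""Offline IoC sweep for the Win32/Redyms samples listed on this page.

Added example (not the page's or the vendor's code). The MD5 hashes and
byte sizes below are copied from the Technical Details file list; every
other name here is an assumption of this example.
"""
import hashlib
import os
import stat
import sys
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Set

# MD5 hex digest -> size in bytes, as given in the page's file list.
REDYMS_IOCS: Dict[str, int] = {
    "f4a4f984cdd2687d5d9b741f74cc60a5": 135168,
    "b513c1cd1f6cb11b39276b5eb61877e2": 135168,
    "a647dcd2f7d5d60b4e96c21aa2af1939": 135168,
    "685250a844ffda0bd522ef4a3e1fae6e": 114688,
}


@dataclass(frozen=True)
class Match:
    """One file on disk that matched a known sample by size and MD5."""
    path: str
    md5: str
    size: int


def md5_of_file(path: str, chunk: int = 1 << 16) -> str:
    """Stream the file through MD5 so large files are never fully loaded."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def candidate_files(root: str, sizes: Set[int]) -> Iterator[str]:
    """Yield regular files under root whose size equals one of the IoC sizes.

    lstat() is used so symlinks are skipped rather than followed, and the
    size check means the vast majority of files cost one stat() and no read.
    """
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable, or removed between listing and stat
            if stat.S_ISREG(st.st_mode) and st.st_size in sizes:
                yield path


def scan_tree(root: str, iocs: Optional[Dict[str, int]] = None) -> List[Match]:
    """Return every file under root whose size and MD5 match a known sample.

    A hit requires both indicators: the size pre-filter admits the file and
    the streamed MD5 must then be one of the listed digests.
    """
    if iocs is None:
        iocs = REDYMS_IOCS
    sizes = set(iocs.values())
    hits: List[Match] = []
    for path in candidate_files(root, sizes):
        try:
            digest = md5_of_file(path)
        except OSError:
            continue
        expected_size = iocs.get(digest)
        if expected_size is not None and expected_size == os.path.getsize(path):
            hits.append(Match(path=path, md5=digest, size=expected_size))
    return hits


if __name__ == "__main__":
    # Usage: python redyms_sweep.py <directory>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in scan_tree(target):
        print(f"MATCH {hit.md5} {hit.size} bytes: {hit.path}")
```

Run it against a mounted image or a quarantine folder rather than a live system drive so that the hashing pass does not race with the infection writing new copies; because the script relies solely on the exact hashes published here, it will not catch repacked variants, and it is a confirmation tool to use beside, not instead of, the updated anti-malware scan the article recommends.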