Trojan:Win32/Damingvat.A
First posted on 14 October 2015.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/Damingvat.A.
Explanation:
Threat behavior
This threat drops and runs a batch file with a random name (for example: Eeb2.bat, f3ce.bat) in the same directory that the malware file was run from.
After that, the randomly-named batch file deletes the malware file, and then itself, to evade detection.
Payload
Changes security settings
This threat changes the following registry entries to disable access to Windows Update:
In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Sets value: "DisableWindowsUpdateAccess"
With data: "0x00000001 (1)"
It does so to prevent you from updating your antimalware software. If you don't have the latest antimalware security updates, there's a chance that this trojan can evade detection and still do more damage to your PC.
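A triage check for the registry change described above, as an added example that is not part of the original write-up: it scans the text of a `reg export` file for the policy value set to 1. The function name and the sample exports are constructed for illustration. Administrators can also set this value through Group Policy, so a hit needs context before it is treated as an infection.

```python
import re

# Key and value name are taken from the description above.
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
VALUE_NAME = "DisableWindowsUpdateAccess"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed sample exports (not captured from a real host).
INFECTED = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000001
"""
CLEAN = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"""


def windows_update_access_disabled(reg_text):
    """Return True if the export sets the policy value to DWORD 1."""
    current_key = None
    disabled = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or .reg comment
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" marks a key deletion in .reg syntax, not a live key.
            current_key = None if m.group(1) else m.group(2)
            continue
        # Registry key and value names are case-insensitive; match the key exactly
        # so that subkeys such as ...\WindowsUpdate\AU are not confused with it.
        if current_key is None or current_key.lower() != POLICY_KEY.lower():
            continue
        m = VALUE_RE.match(line)
        if not m or m.group(1).lower() != VALUE_NAME.lower():
            continue
        data = m.group(2).strip().lower()
        # DWORD data is written as "dword:" followed by hex digits.
        disabled = bool(re.fullmatch(r"dword:0*1", data))
    return disabled


if __name__ == "__main__":
    # Real exports are UTF-16: open(path, encoding="utf-16").read()
    print(windows_update_access_disabled(INFECTED), windows_update_access_disabled(CLEAN))
```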
Symptoms
Alerts from your security software might be the only symptom.
Last update 14 October 2015