Trojan/Kovter.c – Detailed Information
Kovter Trojan family has just become quite famous, having around 20 active members including Trojan/Kovter.c. Apparently, Trojan/Kovter.c is also detected as ransom_.956D2004 (Trend Micro) and Trojan.GenericKD.3112101 (F-Secure). This trojan horse mainly performs click-frauds while using your Windows computer. This infection is typically installed via an exploit kit found on malicious websites or dropped through Trojan droppers like Nemucod and RIG etc. What is interesting, when your computer is compromised with Trojan/Kovter.c, the real infection can be found in Windows Registry Entries. Actually, Trojan/Kovter.c doesn't stores its itself as a file on local disk or hard drive of affected computer. Hence, it becomes nearly impossible to detect the trojan using regular Antimalware software which enables it to stay undetected on your computer for a very long time.
Next, Trojan/Kovter.c starts creating autorun entries that help to start its processes without your consnet whenever your computer starts . What's worse, these malicious entries values couldn't be changed using Windows Registry Editor, you will have to make use of some extra ordinary tools and proper instruction. Actually, when you try to view these malicious Registry Entires (associated with Trojan/Kovter.c), you see an error alert stating “Cannot Display: Error reading the value's contents”. Moreover, if you are not sure whether you computer infected with Trojan/Kovter.c or not, you can verify it by checking through Task Manager → Processes – you will find mshta.exe or powershell.exe running and consuming a whole lot of system memory space. What's next, you may notice that online pages that you visit daily may be blocked or unreachable while surfing Internet. Besides, your computer overall performance will be degraded and programs will take a long time to start up than usual. Even, you may see notification stating Powershell has stopped working and suspicious changes on local disk.
Trojan/Kovter.c Virus – Highlights
According to researcher at Microsoft, Trojan/Kovter.c allows remote hackers to take control on your compromised computer from a command and control server. It also disables security settings for Internet Explorer. It adds following Entries into Windows Registry:
Once again, we remind Trojan/Kovter.c is very noxious, you should delete Trojan/Kovter.c from computer as soon as possible. To safeguard your computer, you should keep efficient Antimalware software installed and activated on your each computer.