Trojan.AngryAngel
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Ranking: | 12,267 |
Threat Level: | 80 % (High) |
Infected Computers: | 762 |
First Seen: | October 22, 2016 |
Last Seen: | September 12, 2023 |
OS(es) Affected: | Windows |
Trojan.AngryAngel is an all-purpose Trojan that researchers have seen packed as an EXE and SCR file. The AngryAngel Trojan can not install itself automatically. Users may be invited to download and install a free program via spam email and ads by adware, and consequently installing Trojan.AngryAngel on their PCs. AngryAngel is designed to run best on Windows 32-bit system and can operate on 64-bit architectures as well. Reports show that Trojan.AngryAngel can be deployed to systems as 'serverx.exe.' The file 'serverx.exe' used by Trojan.AngryAngel may be found in the Windows installation directory on the primary OS drive.
Security researchers have seen Trojan.AngryAngel used in the distribution of other threats predominantly. Trojan.AngryAngel could be used to deliver threats like the Jaku Botnet to compromised users. Trojan.AngryAngel can open a hidden instance of Internet Explorer and download potentially harmful programs from a remote host without the user's notice. Additionally, Trojan.AngryAngel will modify the victim's Registry to facilitate its operations on every OS boot. Analysis revealed that Trojan.AngryAngel sets the value "Serverx" in the subkey HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with data "C:\Windows\system32\serverx.exe". That way Trojan.AngryAngel can run in the background as long as the PC is turned on and work after reboot as well. As stated above, Trojan.AngryAngel can make alterations to the systems Registry and connect to remote hosts. Security analysts report that the Trojan.AngryAngel is known to make HTTP requests to the following domains:
- vguarder.91i.net
- vguarder.bravehost.com
If you notice unusual data transmissions to vguarder.bravehost.com and vguarder.91i.net, it is better to use a security product than engage in the manual removal of suspicious programs. Threats like Trojan.AngryAngel may connect to compromised sites and use them as proxies. In many cases the presence of Trojan.AngryAngel is evidence for other threats that may be on your PC. Removing Trojan.AngryAngel and associated threats should be conducted with a reputable anti-malware scanner.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.