
TROJ_DOFOIL.GE

By Sumo3000 in Trojans

Threat Scorecard

Ranking: 16,371
Threat Level: 20 % (Normal)
Infected Computers: 15
First Seen: February 10, 2012
Last Seen: August 6, 2023
OS(es) Affected: Windows

TROJ_DOFOIL.GE is a Trojan downloader often identified by the string 'dofoil'. Like most Trojans, TROJ_DOFOIL.GE cannot spread on its own and usually relies on a social engineering attack (often a malicious email attachment) to enter the victim's computer. While members of the TROJ_DOFOIL family have been around for longer, TROJ_DOFOIL.GE in particular was first seen in the wild in February of 2012. TROJ_DOFOIL.GE attacks 32-bit Windows operating systems prior to Windows Vista, although this does not mean that Windows Vista and Windows 7 are completely immune. Basically, TROJ_DOFOIL.GE installs its executable file and then changes the Windows Registry so that TROJ_DOFOIL.GE starts automatically whenever the victim starts Windows. Once TROJ_DOFOIL.GE has done this, it downloads certain malicious files. According to ESG security researchers, TROJ_DOFOIL.GE has so far been linked to three kinds of other Trojans: a spy Trojan that steals information and uploads it to a file-sharing service, a Trojan designed to install a fake anti-virus program on the victim's computer system, and a Trojan in the Zbot family (a family of malware most commonly designed to steal banking data such as credit card and account numbers). Even though TROJ_DOFOIL.GE does not attack the computer system itself, it downloads and installs numerous malware infections onto the victim's computer, which can do anything from stealing the victim's personal information to attempting to scam the victim with fake security software.

TROJ_DOFOIL.GE Has Been Linked to a File-Stealing Malware Attack

While many spy Trojans upload information to a remote server, TROJ_DOFOIL.GE has been known to install a particular spy Trojan that targets files created in Microsoft Excel and Microsoft Word and then uploads them to Sendspace.com, a website often used to share large files between computer users. This is a unique kind of attack that may bring about a new trend in spy Trojans, allowing criminals to use such websites to receive stolen data instead of setting up a server of their own, which may be more easily traced. The version of TROJ_DOFOIL.GE that carries this particular spy Trojan is spread through a phishing email pretending to contain an invoice from the courier service Federal Express. The attached invoice is actually an executable file designed to infect the victim's computer with TROJ_DOFOIL.GE.

File System Details

TROJ_DOFOIL.GE may create the following file(s):
#   File Name                                    Detections
1.  %User Profile%\Application Data\170316.exe

Registry Details

TROJ_DOFOIL.GE may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Winternals = "%User Profile%\Application Data\170316.exe"
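
The following PowerShell script is an added example, not part of this threat database entry, that checks a Windows host for the persistence artifacts listed above: the Winternals value under Policies\Explorer\Run and the dropped 170316.exe. The value name, key path and file name come from the entry; checking HKLM alongside HKCU, and treating the pre-Vista "Application Data" path as equivalent to %APPDATA% on newer systems, are assumptions of the example.

```powershell
# Added example (not from the threat database entry). Looks for the registry value and
# dropped file this entry attributes to TROJ_DOFOIL.GE and reports any matches.

$ValueName = 'Winternals'
$FileName  = '170316.exe'

# The entry lists the key under HKEY_CURRENT_USER; HKLM is checked as well because the
# Policies\Explorer\Run key is honoured from both hives (assumption of this example).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

$Findings = @()

foreach ($Key in $RunKeys) {
    if (-not (Test-Path -Path $Key)) { continue }
    $Item = Get-ItemProperty -Path $Key
    foreach ($Prop in $Item.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath etc.; those are not registry values.
        if ($Prop.Name -like 'PS*') { continue }
        $Data = "$($Prop.Value)"
        # Flag either the known value name or any value whose data points at the dropped file.
        if ($Prop.Name -eq $ValueName -or $Data -like "*$FileName*") {
            $Findings += [pscustomobject]@{ Type = 'Registry'; Location = "$Key\$($Prop.Name)"; Data = $Data }
        }
    }
}

# '%User Profile%\Application Data' is the pre-Vista roaming profile path; on Vista and
# later it is a junction to %APPDATA%, so both spellings are checked (assumption).
$Candidates = @(
    (Join-Path -Path $env:USERPROFILE -ChildPath "Application Data\$FileName"),
    (Join-Path -Path $env:APPDATA -ChildPath $FileName)
) | Select-Object -Unique

foreach ($Path in $Candidates) {
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        # Record the hash so the sample can be matched against other detections.
        $Hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $Findings += [pscustomobject]@{ Type = 'File'; Location = $Path; Data = "SHA256=$Hash" }
    }
}

if ($Findings.Count -eq 0) {
    Write-Output 'No TROJ_DOFOIL.GE persistence artifacts found.'
} else {
    $Findings | Format-Table -AutoSize
}
```

Run it in the context of the user profile being examined, since the registry key lives under HKEY_CURRENT_USER; a hit on the file without the registry value (or vice versa) is still worth investigating, as the two are independent indicators.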

URLs

TROJ_DOFOIL.GE may call the following URLs:

search.imah5hf.com
