Floxif
Threat Scorecard
Metric | Value
---|---
Ranking | 7,164
Threat Level | 80 % (High)
Infected Computers | 53,254
First Seen | January 4, 2013
Last Seen | August 30, 2024
OS(es) Affected | Windows
Floxif is a Trojan that was recently spread through a corrupted version of CCleaner. CCleaner is a legitimate program that helps computer users perform maintenance tasks on their computers. However, a corrupted version of this utility led to more than 2 million computers becoming infected with Floxif. As soon as Floxif was installed on the victim's computer, it started gathering information about the infected computer and sending it to Floxif's controllers, allowing the attackers to gain access to the victim's data.
The Name of an Honest Program Being Used for Dishonest Actions
The makers of CCleaner officially announced that their program had been modified by cybercriminals to install Floxif on victims' computers. One of the reasons the Floxif attack was so effective is that the corrupted version of CCleaner was delivered with a valid digital certificate. Once installed, Floxif was designed to send the attackers technical data about the infected computer, such as running programs, installed software, and the computer's name and addresses. It also appears that Floxif led to other threat infections on victims' computers. Essentially, Floxif delivers data to the attackers, which allows them to deliver additional Trojan payloads. CCleaner was corrupted on August 15, 2017, and this wasn't reported to computer users until September 12, 2017. Because of this, computer users who downloaded CCleaner in that period may have unknowingly installed Floxif on their computers.
How Floxif Carries out Its Attack
Floxif runs in the background. It uses the infected computer's resources, such as CPU time and network bandwidth, and connects to its Command and Control server through the IP address 216.126.225.148. Floxif also receives data, including additional threats, which it could then install on the victim's computer. Individual computer users were not the only intended victims of Floxif. Floxif was also meant to compromise major technology and communications companies in the United States, Germany, Taiwan, Japan, and the United Kingdom, including such high-profile targets as Cisco, MSI, Oracle, Google, Linksys and Epson. Floxif has been delivered to high-profile targets, which include some banks and government computer networks. Possible victims of the Floxif attack have been notified, and steps are being taken to ascertain the extent of the Floxif attack.
Further Details about a Floxif Infection
Floxif managed to infect 2.27 million people (at the last estimate) because the attackers were able to modify CCleaner's main executable, which made it quite difficult to notice that the attack was going on. At least 20 computers owned by high-profile technology companies have been infected with Floxif. Updating CCleaner to its latest version should remove Floxif. If you have downloaded CCleaner, or there is any possibility that Floxif has infected your computer, scan the computer with a security program that is fully up-to-date. You should also take the following steps to limit the damage of a possible Floxif infection:
- Make sure that your copy of CCleaner is updated to version 5.34 or higher. The corrupted version of this program is version 5.33.
- Use a security program to run a full scan of your computer.
- Change all of your passwords and other sensitive data.
- Check that your online accounts, particularly your online banking accounts, have not shown suspicious activity or been compromised in any way. Your social media and email accounts may also have been compromised and used to deliver spam messages.
File System Details
Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
# | File Name | MD5 | Detections
---|---|---|---
1. | symsrv.dll | 4fcd7574537cebec8e75b4e646996643 | 3,465
2. | symsrv.dll | 1458e1451cf701b363c99cfb81317789 | 2,189
3. | symsrv.dll | 0609f5fe5fee88412b62aacafc43aedc | 93
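The indicators on this page (the three MD5 values above, the Command and Control address, and the corrupted 5.33 release named in the remediation steps) can be checked with a short triage script. This is an added example, not code from EnigmaSoft or SpyHunter; the function names and the sample log lines are assumptions constructed for illustration.

```python
import hashlib
import os
import re

# Indicators copied from this page; the sample data below is constructed.
FLOXIF_MD5 = {
    "4fcd7574537cebec8e75b4e646996643",
    "1458e1451cf701b363c99cfb81317789",
    "0609f5fe5fee88412b62aacafc43aedc",
}
C2_IP = "216.126.225.148"
BAD_CCLEANER = (5, 33)  # corrupted release; the page says update to 5.34 or higher
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def md5_of(path, chunk=1 << 20):
    """Stream a file through MD5 (used only because the page lists MD5s)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan_tree(root):
    """Paths under root whose content hash is listed, whatever the file name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if md5_of(path) in FLOXIF_MD5:
                    hits.append(path)
            except OSError:
                continue  # locked or unreadable: skip rather than abort the sweep
    return hits

def ccleaner_is_affected(version):
    """True for any 5.33 build string, False for 5.34 and later."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:2]) == BAD_CCLEANER

def c2_lines(log_lines):
    """Log lines that mention the C2 address as a complete IPv4 token."""
    return [ln for ln in log_lines if C2_IP in IPV4.findall(ln)]

# Constructed firewall-style lines, not real telemetry.
SAMPLE_LOG = [
    "2017-09-01 10:02:11 ALLOW TCP 10.0.0.5:49211 -> 216.126.225.148:443",
    "2017-09-01 10:02:12 ALLOW TCP 10.0.0.5:49212 -> 216.126.225.14:443",
    "2017-09-01 10:02:13 ALLOW TCP 10.0.0.7:49300 -> 192.0.2.10:80",
]
```

scan_tree matches on content hash rather than on the name symsrv.dll, so a renamed copy is still found and an unrelated file with that name is not flagged.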