New Malware.cc

New Malware.cc Description

New Malware.cc is a Trojan infection that PC security researchers first identified in 2007. This dangerous Trojan will often masquerade as a svchost.exe process on the infected computer, making it difficult to identify in the Task Manager. The New Malware.cc Trojan is designed to disable native security software on the infected computer, making it difficult for inexperienced computer users to remove. However, ESG malware analysts report that simply starting up in Safe Mode will stop the New Malware.cc Trojan from being able to protect itself effectively. Then, it is simply a matter of using an updated anti-malware program to remove the New Malware.cc Trojan completely.
 

Effects Associated With the New Malware.cc Trojan

The New Malware.cc Trojan can cause several disruptions on the infected computer system. As part of its installation process, New Malware.cc makes changes to the Windows Registry and to your system settings. It also disables certain native Windows processes and changes your Internet browser settings. The New Malware.cc Trojan is known to hijack Internet browsers in an effort to both protect itself and download other malware programs. This Trojan also attempts to connect to a remote server and constitutes a known risk to your privacy and your computer's security. The New Malware.cc Trojan is a notorious resource hog: its presence on your computer will often result in general instability and decreased performance. Monitoring your running processes will often reveal a svchost.exe process that is using an abnormally large amount of memory.
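The following is an added example, not part of the original write-up: a triage pass over an exported process listing that flags svchost.exe instances with an abnormally large working set, and also those whose image sits outside the Windows system directories, where the genuine svchost.exe lives. The CSV column layout, the sample rows, the user name and the 500 MB threshold are assumptions made for illustration.

```python
import csv
import io
from pathlib import PureWindowsPath

# Assumption: working-set size (MB) above which a svchost.exe instance deserves a look.
MEMORY_THRESHOLD_MB = 500

# Constructed sample export: process name, image path, working set in KB.
SAMPLE_CSV = r"""Name,ExecutablePath,WorkingSetKB
svchost.exe,C:\Windows\System32\svchost.exe,24576
svchost.exe,C:\Users\alice\AppData\Roaming\svchost.exe,18432
svchost.exe,C:\Windows\System32\svchost.exe,913408
explorer.exe,C:\Windows\explorer.exe,102400
SVCHOST.EXE,,40960
"""


def triage(csv_text, system_root=r"C:\Windows", threshold_mb=MEMORY_THRESHOLD_MB):
    """Return (path, reasons) for every svchost.exe row that needs a closer look."""
    # The genuine svchost.exe image is found only in these two directories.
    trusted = {
        str(PureWindowsPath(system_root, d)).lower() for d in ("System32", "SysWOW64")
    }
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Name"].lower() != "svchost.exe":
            continue
        path = row["ExecutablePath"].strip()
        reasons = []
        if not path:
            # Unelevated queries often cannot read the path of protected processes.
            reasons.append("image path unavailable; re-run elevated")
        elif str(PureWindowsPath(path).parent).lower() not in trusted:
            reasons.append("image outside System32/SysWOW64")
        if int(row["WorkingSetKB"]) / 1024 > threshold_mb:
            reasons.append("working set above threshold")
        if reasons:
            findings.append((path or "<unknown>", reasons))
    return findings


if __name__ == "__main__":
    for image, why in triage(SAMPLE_CSV):
        print(f"{image}: {'; '.join(why)}")
```

A large working set alone is not proof of infection, since legitimate service hosts can also grow large; treat it as a prompt to inspect the hosted services and the image path.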
 

How the New Malware.cc Trojan Infects a Computer System

The New Malware.cc Trojan is associated with corrupted advertisements that exploit security issues in your Internet browser to force your computer to download and install malware. This is one reason why ESG malware analysts consider it a good idea to disable Flash and JavaScript for any websites that you do not visit regularly. Typical advertisements that may infect your computer with the New Malware.cc Trojan will offer to scan your computer system for malware or optimize your computer's performance. ESG PC security researchers strongly advise against falling for these scams; these advertisements are simply vehicles that deliver Trojan infections onto your computer. Any malware scans or computer optimization procedures should come directly from reputable computer security experts, never from a random advertisement. Other ways in which the New Malware.cc Trojan is spread include fake video codecs on adult video websites and spam email attachments.

Technical Information

File System Details

New Malware.cc creates the following file(s):
| # | File Name | Detection Count |
|---|-----------|-----------------|
| 1 | %AppData%\0bdfar.exe | N/A |
| 2 | %AppData%\1x97n2jeb.exe | N/A |
| 3 | %AppData%\jbpiclth.bat | N/A |
| 4 | %Temp%\arp.bat | N/A |
| 5 | %AppData%\MouseDriver.bat | N/A |
| 6 | [file and pathname of the sample #1] | N/A |

Registry Details

New Malware.cc creates the following registry entry or registry entries: