Reveton Description

ScreenshotReveton, also detected as Trojan:Win32/Reveton.A is a malicious Trojan that hijacks the victim's web browser in order to direct the infected computer to specific websites. The Reveton Trojan modifies the Windows Registry that allows Reveton to launch automatically when Windows starts up. Reveton will be disguised as a legitimate file process, making Reveton difficult to remove. Because Reveton makes dangerous changes that must be undone, ESG malware analysts discourage manual removal when dealing with this threat. Instead, Reveton should be removed with a strong anti-malware tool. Since the Reveton Trojan will usually be part of a larger malware attack on your computer, it is also a good idea to scan the infected computer's hard drives with an updated anti-malware scanner.

Why Criminals Use the Reveton Trojan to Control Your Online Activity

The main component of a Reveton Trojan attack involves forcing the victim's computer to visit malicious websites. Other symptoms may be present due to the effects of other malware components associated with the Reveton Trojan. ESG malware analysts have compiled the following list of common symptoms associated with Reveton Trojan activity in order to allow computer users to detect the presence of this threat on their computers:

  1. The Reveton Trojan  has been associated with browser redirects taking computer users to attack websites, phishing websites or websites promoting known scams (such as rogue security programs). Phishing websites and attack websites may not be immediately apparent, so caution should be taken whenever your web browser forces you to visit a website without your authorization.
  2. The Reveton Trojan has also been known to block websites dealing with computer security or promoting legitimate anti-virus products. Whenever the victim tries to visit these websites, they will be greeted with an error message claiming that these websites are infected with malware. In some cases, the Reveton Trojan will simply direct the victim to another web page.
  3. Malware like the Reveton Trojan seldom plays well with other applications and will often hog your computer's resources. Because of this, a common symptom of a Reveton Trojan infection is poor system performance, frequent system and application crashes, and poor connection speed.

ESG malware analysts have observed that the Reveton Trojan has been present along with rootkit infections as well as with known ransomware attacks. It has also been used to distribute rogue security software from the FakeVimes and VirusDoctor families of malware.

Technical Information

File System Details

Reveton creates the following file(s):
# File Name Size MD5 Detection Count
1 %ALLUSERSPROFILE%8qee2.dat 137,216 347ec4535f27cbf943dd1c962025aa1b 4
2 %ALLUSERSPROFILE%bcode.dat 163,840 d3fbef9502ebcf2d4aff654e9db2467d 4
3 %ALLUSERSPROFILE%irwj.dat 109,568 0b5a7ca9b16ea1002dccf826abdc9f16 3
4 %ALLUSERSPROFILE%wiqecoi.dat 138,240 fc8f697b164e025f9e3e08f926a1f6f8 3
5 %SystemDrive%\Users\Home\5319656.dll 135,168 71c6c98f2808d3787e86e16764bb3343 2
6 %ALLUSERSPROFILE%a46ze.dat 155,648 d24671ac9318f18c3b2435c1e3ef4709 2
7 %ALLUSERSPROFILE%oqe7l.dat 159,744 037c13babf93065426de07a155e985cd 2
8 %SystemDrive%\Users\beber55\6941006.dll 139,264 98b525d17cfe9c1155be083148bf01be 1
9 %USERPROFILE%5673474.dll 135,168 673b8caf1e29058094bd8273b24f803b 1
10 %SystemDrive%\Users\PC\AppData\Local\Temp\3WsIMd3.exe 92,672 cd7eaa7b69f01bab0f6dee939facabba 1
11 %SystemDrive%\Documents and Settings\HP_Ejer\Lokale indstillinger\Temp\wpbt0.dll 98,304 b5d99dc7243033b4b0a6cd76ed20e04d 1
12 %ALLUSERSPROFILE%bl0b.dat 141,312 fcc68b087076a2cc935f2073b7befa97 1
13 %ALLUSERSPROFILE%tocolb.dat 131,072 f5a1364d6f7154ee3f5fa5a44c419f7b 1
14 %ALLUSERSPROFILE%vjezdjm.dat 109,568 dbbdbb9664f7acc769fc441f7ef6e151 1
15 %ALLUSERSPROFILE%\Dane aplikacji\ijewido.dat 109,568 4825e40eb19713133c4561b94e8ca598 1
16 %ALLUSERSPROFILE%6zldto.dat 138,240 b07f1e55adbed6af1d87be8fee50bd25 1
17 %ALLUSERSPROFILE%j1aa.dat 137,216 7fde75f7fc571aa1446a65d72084ccab 1
18 %ALLUSERSPROFILE%034ni.dat 137,216 10249aaa09516a5cfdb1ff22a4da6cb1 1
19 %ALLUSERSPROFILE%3foid.dat 132,608 4c85ed28eb4ac442cf0601e0a77e1383 1
20 %ALLUSERSPROFILE%fv3a.dat 96,256 531369ac91993675eec379ecc848ccbc 1
21 %ALLUSERSPROFILE%2ni6zb.dat 96,256 b6850b73e679e709bb5c12e79ba2549f 1
22 %ALLUSERSPROFILE%fowidoje.dat 96,256 22a581545f904ee72a2bbb3b60a7408a 1
23 %ALLUSERSPROFILE%zdrifo1.dat 96,256 69bd66ab75ce15b07945ae41ad65be1d 1
24 %ALLUSERSPROFILE%llo0g.dat 96,256 ac49d31165d10e81b977a44d9ffec7ee 1
25 %ALLUSERSPROFILE%0wiriri.dat 76,288 3bd398ab9c27862c2694787b2be24a27 1
26 %ALLUSERSPROFILE%nijwi7.dat 96,768 db96cdef4b146cbf005ec5f49b32d01e 1
27 %ALLUSERSPROFILE%\Anwendungsdaten\zdnidr.dat 163,840 d0d4acde777b2a0328f57075dc244c3e 1
28 %ALLUSERSPROFILE%\Application Data\YepaRfoko\KapoBome.ggq 294,912 dbe82982d88130ee354aaa4fdd393645 1
More files

Related Posts

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.