Trojan.Komodola
Threat Scorecard
Metric | Value |
---|---|
Ranking | 16,389 |
Threat Level | 90 % (High) |
Infected Computers | 7 |
First Seen | May 21, 2012 |
Last Seen | September 8, 2023 |
OS(es) Affected | Windows |
Trojan.Komodola is a dangerous Trojan infection tied to an online scam designed to obtain access to computer users' banking information. Trojan.Komodola carries out several operations on the infected computer system that allow it to redirect the system's online traffic, gather personal data, and transmit that data to a remote server. Trojan.Komodola also has components designed to disable some plug-ins that have been implemented to prevent various online banking scams. ESG security analysts highly recommend removing this dangerous intruder from your computer system.
If you have reason to suspect that your PC has been compromised, it is important to avoid handling sensitive information and to run a complete, thorough scan of your hard drive with a reliable anti-malware program. One of the most important symptoms of a Trojan.Komodola infection is being redirected to websites impersonating legitimate banking web pages, particularly those of Brazilian and South American banks. The websites presented as a result of a Trojan.Komodola infection differ from the real thing in ways that include unnecessary underscores ('_') in the website's title or name and slight misspellings in the website's URL.
How the Trojan.Komodola Scam Works
Trojan.Komodola directs computer users to websites that are almost identical to the websites used by legitimate banks. A computer user, fooled by these websites' similarity to the real thing, may enter account numbers, credit card information, passwords, and other sensitive information into the fake website, where Trojan.Komodola collects the data and sends it to a remote server. Criminals can then use this data to gain access to the victim's bank accounts and clean them out. To carry out its browser redirects, Trojan.Komodola makes changes to the HOSTS file, the local file that maps hostnames to IP addresses, which changes how the victim's web browser connects to the Internet. This change allows Trojan.Komodola to reroute web traffic through predetermined websites.
While some Brazilian banks have implemented a plug-in known as GpPlugin to prevent similar attacks, Trojan.Komodola can disable this plug-in as well as the WinpkFilter driver. However, one thing that Trojan.Komodola cannot disable is your common sense and precaution. Because of this, ESG security researchers consider that your best chance of avoiding a Trojan.Komodola attack lies in carefully checking the website's title and URL when carrying out important online operations; if you notice any discrepancies, close your web browser and make sure that your computer system is not infected with a Trojan.
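An added example, not part of the original page or of any EnigmaSoft tool: a Python audit of a hosts file for the kind of change described above, flagging hostnames pinned to non-local addresses. The sample file contents, the `bank.example` watchlist and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: documentation-range addresses, placeholder hostnames.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example      # sinkhole entry
203.0.113.45    www.bank.example bank.example
198.51.100.7    intranet.corp.example    # static mapping to verify
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield line_no, address, name.lower().rstrip(".")


def audit_hosts(text, watchlist=()):
    """Return findings for hostnames pinned to a non-local address."""
    watch = {w.lower() for w in watchlist}
    findings = []
    for line_no, address, name in parse_hosts(text):
        if address.is_loopback or address.is_unspecified:
            continue  # localhost and sinkhole entries do not redirect traffic
        watched = name in watch or any(name.endswith("." + w) for w in watch)
        findings.append({"line": line_no, "host": name,
                         "address": str(address),
                         "severity": "high" if watched else "review"})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS, watchlist=["bank.example"]):
        print(f"{f['severity']:>6}  line {f['line']}: {f['host']} -> {f['address']}")
```

To check a live system, pass the contents of the `%System%\drivers\etc\hosts` file to `audit_hosts` along with the hostnames of the sites you bank with; any "high" finding means that name no longer resolves through DNS.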
File System Details
# | File Name | Detections |
---|---|---|
1. | %System%\gb_catchme.exe | |
2. | %System%\gb_service.exe | |
3. | %System%\snetcfg.exe | |
4. | %System%\devcon.exe | |
5. | %System%\registro_sicredi.reg | |
6. | %System%\drivers\etc\hosts | |
7. | %System%\registro_itau.reg | |
8. | %System%\registro_driver.reg | |
9. | %SystemDrive%\SessionChange_[DATE]_[TIME].log | |
10. | %System%\registro_bb.reg | |