Threat Database Trojans Trojan:Win32/Dembr.A


By Domesticus in Trojans

Threat Scorecard

Ranking: 13,060
Threat Level: 90 % (High)
Infected Computers: 1,566
First Seen: March 27, 2013
Last Seen: August 31, 2023
OS(es) Affected: Windows

Trojan:Win32/Dembr.A is a Trojan that deletes the Master Boot Record (MBR), and, thus, makes the compromised unusable.

Trojan:Win32/Dembr.A encompasses a code to make sure that it only starts after 14:00, on March 20, any given year. Trojan:Win32/Dembr.A may make Trojan:Win32/Dembr.A may make continuous modifications to the compromised PC that will not be restored by founding and uninstalling this malware infection. Therefore, affected computer users will need to reinstall Windows, and restore the victimized computer from backup. When installed, Trojan:Win32/Dembr.A will restrict victims from starting the computer system. Trojan:Win32/Dembr.A will prevent PC users from using Ahnlab and Hauri anti-virus applications if it detects either on the targeted PC. Trojan:Win32/Dembr.At then makes modifications to the Master Boot Record (MBR) so that, if the computer user strives to reboot the PC, it will not launch. Trojan:Win32/Dembr.A strives to bypass the detection and removal by embedding a code into the genuine Windows process 'svchost.exe'.

File System Details

Trojan:Win32/Dembr.A may create the following file(s):
# File Name Detections
1. schsvcsc.exe
2. schsvcsc.dll
3. update.ex


Most Viewed