Trojan.Win32.Mediyes
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Field | Value |
|---|---|
| Ranking | 1,681 |
| Threat Level | 20 % (Normal) |
| Infected Computers | 145,998 |
| First Seen | April 13, 2012 |
| Last Seen | September 19, 2023 |
| OS(es) Affected | Windows |
The Trojan.Win32.Mediyes Trojan causes browser redirects, and criminals use Trojan.Win32.Mediyes to generate advertising revenue by forcing computer users to visit a particular website repeatedly. Trojan.Win32.Mediyes is commonly associated with a rootkit infection, which injects Trojan.Win32.Mediyes's code into the process of a running system file. While Trojan.Win32.Mediyes has some limited data-stealing capabilities, its main function is as a browser hijacker. Because of its close association with other malware threats, online scams and attack websites, ESG malware analysts consider Trojan.Win32.Mediyes a severe threat to your computer's security that should be removed immediately with a reliable anti-malware tool.
Trojan.Win32.Mediyes Uses a Stolen Digital Certificate to Help Its Attack
Trojan.Win32.Mediyes has attracted a lot of attention from PC security researchers. While the way Trojan.Win32.Mediyes works is not particularly new or interesting, the fact that Trojan.Win32.Mediyes uses a real VeriSign signature to avoid detection is quite interesting. Basically, a digital certificate that was issued for the use of the Swiss company Conpavi AG was stolen by criminals. This signature has resurfaced in the Trojan.Win32.Mediyes attack, where it is used to conceal this browser hijacker from some anti-malware applications. As of April 2012, this stolen digital signature had allowed Trojan.Win32.Mediyes to infiltrate at least five thousand computers, most of them located in the European Union. It is advisable to use several layers of anti-malware protection and not to rely on a single security program. That way, even if one anti-virus application is fooled by Trojan.Win32.Mediyes's stolen certificate, another may be able to catch this threat before Trojan.Win32.Mediyes causes any damage.
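The practical lesson of the Conpavi AG certificate is that a signature chain reporting as valid only proves that whoever held the private key signed the file; it says nothing about whether that signer should be running code on your machines. The following PowerShell audit is an added example written for this page, not EnigmaSoft's code and not anything taken from the malware: it lists the Authenticode signer of every executable under a folder and flags files that are validly signed but by a signer outside the organisation's own allowlist, or by a certificate on a locally maintained abuse list. The allowlist entries, the scan path and the (empty) abuse list are placeholders; the page gives no thumbprint for the stolen certificate, so none is assumed here.

```powershell
# Added example: audit Authenticode signers and apply local policy on top of
# the chain verdict. Not code from EnigmaSoft or from the malware described.

# Placeholder allowlist: replace with the signer subjects your environment
# actually expects to see.
$ApprovedSigners = @(
    'CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US',
    'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
)

# Placeholder: thumbprints of certificates your threat intelligence says were
# stolen or revoked. Deliberately empty; the page names no thumbprint.
$KnownAbusedThumbprints = @()

function Get-SignerReport {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]] $Approved          = $ApprovedSigners,
        [string[]] $AbusedThumbprints = $KnownAbusedThumbprints
    )

    Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll, *.sys -File |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate

            # Start from what Windows says about the chain ...
            $verdict = switch ($sig.Status) {
                'Valid'     { 'approved-signer' }
                'NotSigned' { 'unsigned' }
                default     { "signature-problem:$($sig.Status)" }
            }

            # ... then override it with local policy. A valid chain from a
            # signer nobody approved is exactly the stolen-certificate case.
            $subject = $null; $thumb = $null; $expiry = $null
            if ($cert) {
                $subject = $cert.Subject
                $thumb   = $cert.Thumbprint
                $expiry  = $cert.NotAfter
                if ($AbusedThumbprints -contains $thumb) {
                    $verdict = 'KNOWN-ABUSED-CERT'
                }
                elseif ($sig.Status -eq 'Valid' -and $Approved -notcontains $subject) {
                    $verdict = 'valid-but-unexpected-signer'
                }
            }

            [pscustomobject]@{
                File       = $_.FullName
                Status     = $sig.Status
                Signer     = $subject
                Thumbprint = $thumb
                NotAfter   = $expiry
                Verdict    = $verdict
            }
        }
}

# Usage (placeholder path): show everything that is not plainly approved.
Get-SignerReport -Path 'C:\Windows\Temp' |
    Where-Object Verdict -ne 'approved-signer' |
    Sort-Object Verdict |
    Format-Table File, Verdict, Signer, Thumbprint -AutoSize
```

The point of the `valid-but-unexpected-signer` verdict is that it surfaces precisely the files a signature-trusting scanner would wave through; reviewing that short list is the second layer the text recommends, independent of whichever anti-virus product first sees the file.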
How Trojan.Win32.Mediyes Infects a Computer System
Trojan.Win32.Mediyes is installed by the Mediyes rootkit, which is removed after Trojan.Win32.Mediyes has delivered its payload. Trojan.Win32.Mediyes does not run as its own process; instead it is injected into running Windows processes, which makes Trojan.Win32.Mediyes difficult to detect through normal means. Trojan.Win32.Mediyes has limited capabilities to detect and steal passwords for various popular websites. Trojan.Win32.Mediyes is designed to report to a remote server, and Trojan.Win32.Mediyes can also receive updates that make Trojan.Win32.Mediyes more difficult to remove or that change the attack pattern of its browser redirects. All of these features make Trojan.Win32.Mediyes a potentially severe threat to your computer's security, as Trojan.Win32.Mediyes can easily open the door to additional malware attacks on the infected computer.
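Because the code lives inside legitimate processes, the host-level footprint is thin, but the two behaviours the text describes (reporting to a remote server, and driving the browser to one site over and over to farm advertising revenue) are both visible in web-proxy logs. The PowerShell script below is an added example, not EnigmaSoft's code, that runs two checks over such logs: contact with the domain listed later on this page, and a single client repeatedly fetching the same external host within a short window. The log lines are constructed for the example, and their layout (UTC timestamp, client IP, host, path) is an assumption; adapt `ConvertFrom-ProxyLine` to your proxy's real format.

```powershell
# Added example, not code from EnigmaSoft or from the malware: detection logic
# for the two network-visible behaviours described above.

$IndicatorDomains = @('hetaruvg.com')   # taken from the page's URL list

# Constructed sample log (not real traffic). One client contacts the listed
# domain and is then driven to the same ad host four times in two minutes;
# a second client browses normally.
$SampleLog = @'
2012-04-13T09:15:02Z 10.0.0.12 www.example.com /index.html
2012-04-13T09:15:40Z 10.0.0.12 hetaruvg.com /
2012-04-13T09:16:01Z 10.0.0.12 ads.example.net /landing
2012-04-13T09:16:09Z 10.0.0.12 ads.example.net /landing
2012-04-13T09:16:33Z 10.0.0.12 ads.example.net /landing
2012-04-13T09:17:05Z 10.0.0.12 ads.example.net /landing
2012-04-13T09:18:44Z 10.0.0.31 www.example.com /index.html
2012-04-13T09:25:10Z 10.0.0.31 www.example.org /news
'@

function ConvertFrom-ProxyLine {
    # Assumed format: "<ISO-8601 UTC time> <client IP> <host> <path>".
    param([string] $Line)
    $fields = $Line.Trim() -split '\s+'
    if ($fields.Count -lt 4) { return $null }   # skip malformed lines
    [pscustomobject]@{
        Time   = [datetime] $fields[0]
        Client = $fields[1]
        Site   = $fields[2].ToLowerInvariant()
        Path   = $fields[3]
    }
}

function Find-IndicatorContacts {
    # Any request whose host is, or is a subdomain of, a listed domain.
    param([object[]] $Events, [string[]] $Domains)
    foreach ($e in $Events) {
        foreach ($d in $Domains) {
            if ($e.Site -eq $d -or $e.Site.EndsWith(".$d")) {
                [pscustomobject]@{
                    Client = $e.Client; Site = $e.Site; Hits = 1
                    WindowStart = $e.Time; Reason = "contacts-listed-domain:$d"
                }
            }
        }
    }
}

function Find-RepeatedVisits {
    # Flag a client/host pair with at least $Threshold requests inside any
    # $WindowMinutes-long window: the forced-revisit pattern of a revenue
    # redirector. Sliding window over the sorted timestamps of each pair.
    param([object[]] $Events, [int] $Threshold = 4, [int] $WindowMinutes = 5)
    foreach ($g in ($Events | Group-Object -Property Client, Site)) {
        $times = @($g.Group | Sort-Object Time | ForEach-Object { $_.Time })
        for ($i = 0; $i + $Threshold - 1 -lt $times.Count; $i++) {
            $span = $times[$i + $Threshold - 1] - $times[$i]
            if ($span.TotalMinutes -le $WindowMinutes) {
                [pscustomobject]@{
                    Client = $g.Group[0].Client; Site = $g.Group[0].Site
                    Hits = $times.Count; WindowStart = $times[$i]
                    Reason = "repeated-visits:$Threshold-in-${WindowMinutes}min"
                }
                break   # one finding per client/host pair is enough
            }
        }
    }
}

# Usage: parse, run both checks, and print the findings.
$events = $SampleLog -split '\r?\n' |
    Where-Object { $_.Trim() } |
    ForEach-Object { ConvertFrom-ProxyLine $_ }

$findings = @(Find-IndicatorContacts -Events $events -Domains $IndicatorDomains) +
            @(Find-RepeatedVisits    -Events $events -Threshold 4 -WindowMinutes 5)

$findings | Format-Table Client, Site, Reason, Hits, WindowStart -AutoSize
```

On the constructed sample this reports two findings for 10.0.0.12 (the listed-domain contact and the four-in-two-minutes run against ads.example.net) and nothing for 10.0.0.31. The repeated-visit threshold is the tunable part: set it from a baseline of normal browsing on your own network rather than from the sample values here, and treat the listed-domain check as the high-confidence signal of the two.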
Aliases
15 security vendors flagged this file as malicious.
| Anti-Virus Software | Detection |
|---|---|
| Panda | Suspicious file |
| Antiy-AVL | Trojan/win32.agent.gen |
| McAfee-GW-Edition | Generic.dx!bfgf |
| F-Prot | W32/Mediyes.E2.gen!Eldorado |
| Panda | Trj/CI.A |
| AVG | Suspicion: unknown virus |
| Fortinet | W32/Mediyes.QA!tr |
| Ikarus | Trojan.Win32.Mediyes |
| AhnLab-V3 | Trojan/Win32.Gen |
| AntiVir | TR/Crypt.XPACK.Gen5 |
| DrWeb | Trojan.PWS.Siggen.37538 |
| Comodo | UnclassifiedMalware |
| BitDefender | Gen:Variant.Graftor.29937 |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| Avast | Win32:Malware-gen |
URLs
Trojan.Win32.Mediyes may call the following URLs:
hetaruvg.com