
Trojan.Win32.Mediyes

By GoldSparrow in Trojans

Threat Scorecard

Ranking: 1,681
Threat Level: 20 % (Normal)
Infected Computers: 145,998
First Seen: April 13, 2012
Last Seen: September 19, 2023
OS(es) Affected: Windows

Trojan.Win32.Mediyes is a browser hijacker: it redirects the victim's web traffic so that its operators earn advertising revenue by forcing infected computers to visit particular websites repeatedly. Trojan.Win32.Mediyes is commonly delivered by a rootkit that injects the Trojan's code into a running Windows process. Although Trojan.Win32.Mediyes has some limited data-stealing capabilities, its main function is browser hijacking. Because of its close association with other malware, online scams and attack websites, ESG malware analysts consider Trojan.Win32.Mediyes a severe threat to your computer's security that should be removed immediately with a reliable anti-malware tool.

Trojan.Win32.Mediyes Uses a Stolen Digital Certificate to Help Its Attack

Trojan.Win32.Mediyes has attracted a lot of attention from PC security researchers. The way Trojan.Win32.Mediyes works is not particularly new, but the fact that it carries a genuine Authenticode signature in order to avoid detection is. The code-signing certificate, issued by VeriSign to the Swiss company Conpavi AG, was stolen by criminals and used to sign Trojan.Win32.Mediyes, so the signature itself validates correctly; it is the identity behind it that is wrong, and some anti-malware applications extended trust to the signed file on that basis. As of April 2012, the stolen certificate had allowed Trojan.Win32.Mediyes to infiltrate at least five thousand computers, most of them located in the European Union. The lesson for defenders is that a valid signature only proves that whoever signed the file held the private key: the signer's name still has to be checked against the publishers you actually expect, and a signed file from an unfamiliar company deserves the same scrutiny as an unsigned one. It is also advisable to use several layers of anti-malware protection rather than relying on a single security program, so that if one anti-virus application is fooled by Trojan.Win32.Mediyes's stolen certificate, another may catch the threat before it causes any damage.

How Trojan.Win32.Mediyes Infects a Computer System

Trojan.Win32.Mediyes is installed by the Mediyes rootkit, which removes itself after the Trojan's payload has been delivered. Trojan.Win32.Mediyes does not run as a process of its own; it is injected into running Windows processes, which makes it difficult to detect by normal means such as inspecting the process list. Trojan.Win32.Mediyes has limited capabilities to detect and steal passwords for various popular websites. It reports to a remote server and can also receive updates, which may make Trojan.Win32.Mediyes harder to remove or change the attack pattern of its browser redirects. All of these features make Trojan.Win32.Mediyes a potentially severe threat to your computer's security, since it can easily open the door to additional malware attacks on the infected computer.
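Because Trojan.Win32.Mediyes has no process of its own and its signature validates, the check a responder wants combines the two points above: walk the modules loaded into every running process and flag any DLL whose Authenticode signature is missing or broken, or whose signer is not a publisher you expect. The following PowerShell script is an added example written for this page, not code from the original article or from any vendor; the publisher allowlist and the Suspicious rule are assumptions to adapt to your environment, and the script uses only the built-in Get-Process and Get-AuthenticodeSignature cmdlets. Run it in an elevated 64-bit PowerShell, since the module lists of other users' processes and of 64-bit processes are otherwise not visible.

```powershell
# Added example for this page (not from the original article or any vendor).
# Hunts for injected or mis-signed DLLs: a module can carry a "Valid" Authenticode
# signature and still be malicious when the certificate was stolen, as with the
# Conpavi AG certificate abused by Mediyes, so the signer's subject is checked
# against an allowlist of expected publishers as well as the signature status.
# The allowlist is an assumption for illustration; extend it for your estate.
$AllowedPublishers = @(
    'CN=Microsoft Windows',
    'CN=Microsoft Corporation',
    'CN=Microsoft Windows Publisher'
)

function Test-ModuleSignature {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Compare the leading CN only; full subject strings change across certificate renewals.
    $knownPublisher = $false
    foreach ($pub in $AllowedPublishers) {
        if ($subject -eq $pub -or $subject.StartsWith("$pub,")) { $knownPublisher = $true; break }
    }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status        # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        Signer     = $subject
        # Unsigned, tampered, or signed by an unexpected publisher: all need a look.
        Suspicious = ($sig.Status -ne 'Valid') -or (-not $knownPublisher)
    }
}

function Find-SuspiciousModules {
    $seen = @{}
    foreach ($proc in Get-Process) {
        # Module enumeration fails for protected processes and across the 32/64-bit
        # boundary; skip those rather than abort the whole sweep.
        $modules = try { @($proc.Modules) } catch { @() }
        foreach ($m in $modules) {
            $path = $m.FileName
            if (-not $path -or $seen.ContainsKey($path)) { continue }
            $seen[$path] = $true
            $result = Test-ModuleSignature -Path $path
            if ($result.Suspicious) {
                $result | Add-Member -NotePropertyName Process `
                                     -NotePropertyValue "$($proc.ProcessName) ($($proc.Id))" -PassThru
            }
        }
    }
}

Find-SuspiciousModules | Sort-Object Status, Signer | Format-Table Process, Status, Signer, Path -AutoSize
```

A row with Status Valid but a Signer you do not recognise is exactly the Mediyes pattern: the file is correctly signed, just not by anyone who should be shipping code to that host. Rows with NotSigned or HashMismatch inside a browser or system process are the more conventional injection finding. Each module path is checked once even if it is loaded into many processes, so the sweep stays fast on a busy workstation.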

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Panda Suspicious file
Antiy-AVL Trojan/win32.agent.gen
McAfee-GW-Edition Generic.dx!bfgf
F-Prot W32/Mediyes.E2.gen!Eldorado
Panda Trj/CI.A
AVG Suspicion: unknown virus
Fortinet W32/Mediyes.QA!tr
Ikarus Trojan.Win32.Mediyes
AhnLab-V3 Trojan/Win32.Gen
AntiVir TR/Crypt.XPACK.Gen5
DrWeb Trojan.PWS.Siggen.37538
Comodo UnclassifiedMalware
BitDefender Gen:Variant.Graftor.29937
Kaspersky HEUR:Trojan.Win32.Generic
Avast Win32:Malware-gen

URLs

Trojan.Win32.Mediyes may call the following URLs:

hetaruvg.com
