Trojan:Win32/Reveton.N is a ransomware Trojan that accuses affected PC users of downloading and storing illegal content or of performing cybercrime actions on the targeted computer. It blocks the affected computer system and demands that the victim pay a fine to unlock the PC. Trojan:Win32/Reveton.N displays a full-screen webpage containing an image or notification, chosen according to the targeted geographical location, that lists instructions for paying the so-called ransom. The webpage covers all other windows on the infected computer and prevents the victim from using it. Trojan:Win32/Reveton.N also creates a shortcut file that points to the DLL file, so that the DLL file loads automatically whenever the PC is turned on. Trojan:Win32/Reveton.N changes Internet Explorer settings by creating registry entries: it suppresses the Protected Mode banner in Internet Explorer and permits mixed content to display. Trojan:Win32/Reveton.N also ends genuine processes on the infected PC.

File System Details

Trojan:Win32/Reveton.N may create the following file(s):
# File Name Detections
1. wpbt0.dll
3. !d7.tmp
4. !d2.tmp
5. %AppData%\[reverse of file name].pad
7. [startup folder]\runctf.lnk

Registry Details

Trojan:Win32/Reveton.N may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 "1609" = "dword:00000000"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 "2500" = "dword:00000003"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "NoProtectedModeBanner" = "dword:00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
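
For triage, the registry values listed above can be checked against an exported HKEY_CURRENT_USER hive. The following is an added example, not part of the original write-up or of any vendor tool: it parses a .reg export and reports which of the three listed values are present with the listed data. The function names and the sample export are constructed for illustration.

```python
import re

# Values this page lists for Trojan:Win32/Reveton.N: (subkey under HKCU, value name, dword).
INDICATORS = [
    (r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4", "1609", 0x0),
    (r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4", "2500", 0x3),
    (r"Software\Microsoft\Internet Explorer\Main", "NoProtectedModeBanner", 0x1),
]

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<data>[0-9a-fA-F]{8})\s*$')

def parse_reg_export(text):
    """Return {(key_lower, name_lower): int} for every dword value in a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:  # a "[HKEY_...]" header starts a new key section
            key = m.group("key").lower()
            continue
        m = VAL_RE.match(line)
        if m and key:
            values[(key, m.group("name").lower())] = int(m.group("data"), 16)
    return values

def find_reveton_settings(text, hive="HKEY_CURRENT_USER"):
    """List the page's indicator values that are present with the listed data."""
    values = parse_reg_export(text)
    hits = []
    for subkey, name, data in INDICATORS:
        full = f"{hive}\\{subkey}".lower()  # registry paths are case-insensitive
        if values.get((full, name.lower())) == data:
            hits.append((subkey, name, data))
    return hits

# Constructed sample export (not taken from a real host); "2500" does not match here.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoProtectedModeBanner"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1609"=dword:00000000
"2500"=dword:00000000
'''

if __name__ == "__main__":
    print(find_reveton_settings(SAMPLE))
```

Exports written by regedit are UTF-16 encoded, so decode the file accordingly before passing its text to find_reveton_settings. A match on these settings alone is not conclusive and should be weighed together with the file indicators listed under File System Details.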


