Rootkit.Cidox.G.VBR
Posted: November 17, 2014
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
| Ranking: | 10,456 |
|---|---|
| Threat Level: | 1/10 |
| Infected PCs: | 1,899 |
| First Seen: | November 17, 2014 |
| Last Seen: | September 30, 2023 |
| OS(es) Affected: | Windows |
Rootkit.Cidox.G.VBR is a rootkit that compromises your system to enable other attacks. Members of the Cidox family may support each other in campaigns that lock the Windows desktop to demand a ransom fee or collect information. Since Rootkit.Cidox.G.VBR loads before your operating system, you may need to use advanced anti-malware techniques and tools for deleting Rootkit.Cidox.G.VBR, particularly in the likely event of other threats being in play.
The Thief that Hides behind the Names of Other Thieves
Rootkit.Cidox.G.VBR is one of the several members of the Cidox or Cidex family that may instigate attacks that lock the Windows desktop, preventing any access to most programs. While this attack occurs, pop-up warnings regarding the presence of CryptoWall (a prominent, ransomware-based family of file encryptors) will appear and request money to remove the infection. However, Rootkit.Cidox.G.VBR and other Cidox-based threats merely use these pop-ups as a well-disguised, illicit ransom of their own.
Rootkit.Cidox.G.VBR also may be associated with attempts to redirect your Web browser to unsafe Web domains. Rootkit.Cidox.G.VBR also may enable the collection of data via keylogging, form-grabbing and other techniques that may target typed or browser-entered information. Passwords and login names for bank sites are especially common targets of these attacks.
Rootkit.Cidox.G.VBR may be just one of multiple Cidox components on any infected PC. Rootkit.Cidox.G.VBR is specific to Windows machines and is built to install itself to the NTFS Volume Boot Record. This installation method lets Rootkit.Cidox.G.VBR load before any Windows programs and run without requiring a memory process.
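As an added example (not part of the original article or of any vendor tool), the script below shows a minimal integrity check for the NTFS boot region, the area a VBR infection has to change: it validates the boot sector, compares it with the backup copy, and compares the boot region's SHA-256 with a previously recorded baseline. The image is constructed inside the script, and the check assumes the image spans the whole partition with the backup boot sector in its last sector.

```python
import hashlib
import struct

SECTOR = 512
BOOT_REGION = 16 * SECTOR  # NTFS $Boot: first 8192 bytes of the volume

def build_sample_image(sectors=64):
    """Constructed NTFS-like image: boot sector, zero filler, backup boot sector."""
    bs = bytearray(SECTOR)
    bs[0:3] = b"\xeb\x52\x90"                     # jump over the BPB
    bs[3:11] = b"NTFS    "                        # OEM ID
    struct.pack_into("<HB", bs, 0x0B, SECTOR, 8)  # bytes/sector, sectors/cluster
    bs[0x54:0x54 + 4] = b"\xfa\x33\xc0\x8e"       # stand-in bootstrap bytes
    bs[510:512] = b"\x55\xaa"                     # end-of-sector signature
    img = bytearray(sectors * SECTOR)
    img[0:SECTOR] = bs
    img[-SECTOR:] = bs                            # backup copy in the last sector
    return img

def boot_region_hash(img):
    return hashlib.sha256(bytes(img[:BOOT_REGION])).hexdigest()

def check_vbr(img, baseline_sha256):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    primary, backup = img[:SECTOR], img[-SECTOR:]
    if primary[3:11] != b"NTFS    ":
        findings.append("OEM ID is not NTFS")
    if primary[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA signature")
    if primary != backup:
        findings.append("primary boot sector differs from backup copy")
    if boot_region_hash(img) != baseline_sha256:
        findings.append("boot region hash differs from baseline")
    return findings

def demo():
    clean = build_sample_image()
    baseline = boot_region_hash(clean)
    first = bytearray(clean); first[0x60] ^= 0xFF        # change in sector 0
    later = bytearray(clean); later[3 * SECTOR] ^= 0xFF  # change in sector 3
    return (check_vbr(clean, baseline), check_vbr(first, baseline),
            check_vbr(later, baseline))

if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```

Record the baseline from a volume known to be clean. Code that loaded before Windows can falsify what a check run inside the infected system sees, so read the image from a separate boot environment.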
Wiping Your VBR Clean of Rootkit.Cidox.G.VBR
Improperly removing Rootkit.Cidox.G.VBR may cause Windows to fail to boot, as is the case with many rootkit-based threats. By itself, Rootkit.Cidox.G.VBR does not necessarily display any symptoms, and anti-malware products not designed for detecting high-level threats may be unable to identify Rootkit.Cidox.G.VBR. To account for Rootkit.Cidox.G.VBR's defenses and the presence of related threats, any scans to remove Rootkit.Cidox.G.VBR should use Safe Mode. Malware experts also encourage running multiple scans over the course of at least one reboot.
Rootkit.Cidox.G.VBR profits primarily by confusing its victims into believing that their PCs are infected by threatening software that's unrelated to Rootkit.Cidox.G.VBR. Whether or not you believe that your PC has been locked or encrypted by Windows lockers, file encryptors or other forms of ransomware, paying a demanded ransom always is the worst solution to such a security crisis. Using legitimate security tools always is the recourse malware experts recommend, and regular file backups can prevent any long-term data loss from such attacks.
Rootkit.Cidox.G.VBR appears to remain in distribution as of November 2014 and is compatible with most modern versions of Windows, such as Windows 7. Its distribution methods still are under investigation.