Trojan.Komodola
Posted: May 21, 2012
Threat Metric
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Ranking: | 16,768 |
---|---|
Threat Level: | 9/10 |
Infected PCs: | 16 |
First Seen: | May 21, 2012 |
Last Seen: | September 8, 2023 |
OS(es) Affected: | Windows |
Trojan.Komodola is a banking Trojan and browser hijacker that disables Internet security-related drivers and redirects your browser to malicious websites – especially phishing sites that steal account login information. Although some PC security companies have rated Trojan.Komodola's overall danger level as relatively low due to ease of containment and limited distribution, Trojan.Komodola's payload has the capability to steal sensitive information, including passwords for bank accounts that could be exploited in fraudulent attacks. Like most Trojans of its type, Trojan.Komodola doesn't show obvious symptoms, and SpywareRemove.com malware researchers suggest that you use appropriate anti-malware products if you need to protect your PC from Trojan.Komodola or delete Trojan.Komodola entirely.
Trojan.Komodola – a Two-Step Tap to Undo Your Web-Browsing Safety
Although Trojan.Komodola's loadout of attacks isn't significantly different from that of other banking Trojans like Trojan-Downloader.Win32.Banload.bqmv, TSPY_BANKER.EUIQ or Trojan.Spy.Banker.Gen, that doesn't mean that Trojan.Komodola's attacks are necessarily low-priority problems. SpywareRemove.com malware experts have determined that attacks from Trojan.Komodola aren't likely to show visible symptoms but can include consequences such as:
- Redirecting your web browser to phishing sites that specialize in theft of account login information and other types of personal information. Trojan.Komodola's browser redirects are most likely to occur when you try to access a bank-related website and may display a phishing site that's identical to the original bank site (except for minor differences, such as a slightly-altered web address).
- Having GBPlugin uninstalled from your computer. This plugin is used to protect online bank-associated transactions, particularly for Brazilian bank sites.
- Having WinPKFilter uninstalled. As a firewall utility and network management tool, WinPKFilter is often used to block the exact types of changes to your network settings that Trojan.Komodola uses in its attacks.
How to Get Trojan.Komodola Out of Your PC with Your Hard-Earned Money Intact
Since Trojan.Komodola makes alterations to the Windows Hosts file and other Windows settings, SpywareRemove.com malware researchers don't recommend that you try to find or delete Trojan.Komodola by yourself. Competent anti-malware products should be able to detect Trojan.Komodola in a system scan, and until you've done this and removed Trojan.Komodola, you should be cautious about inputting personal information via your web browser – or any other means, for that matter, since banking Trojans similar to Trojan.Komodola have been known to include keylogging functions.
Since Trojan.Komodola uses attacks that are strongly associated with attempts to compromise Brazil-based banking websites, Brazilian PC users can be especially at risk for potential infection by Trojan.Komodola, and should take appropriate precautions. Hostile websites, misleading social network links and even e-mail-based spam attacks have all been used to install PC threats similar to Trojan.Komodola, and SpywareRemove.com malware researchers encourage you to use broad security measures to keep your PC safe, given that Trojan.Komodola hasn't been found to use specifically-defined attack vectors so far.
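The Hosts file changes and bank-site redirects described above can be checked for directly. The following is an added example, not code from this write-up or from any anti-malware product: a Python audit that flags Hosts entries mapping a watched banking hostname to a non-loopback address. The watched domains and the sample Hosts content are constructed placeholders.

```python
import ipaddress

# Constructed placeholders: replace with the banking sites actually used on the PC.
WATCHED = ("bank.example", "banco.example")

# Constructed sample Hosts content: lines 4-5 are non-local mappings, line 6 is a sinkhole.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bank.example bank.example   # constructed redirect
198.51.100.7    intranet.corp.example
0.0.0.0         ads.tracker.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping, ignoring comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        for name in fields[1:]:
            yield line_no, fields[0], name.lower().rstrip(".")

def is_local(ip):
    """True for loopback/unspecified addresses, which cannot redirect to a remote site."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address: keep it in the findings
    return addr.is_loopback or addr.is_unspecified

def is_watched(name, watched=WATCHED):
    """Match the domain itself or any subdomain, but not look-alike suffixes."""
    return any(name == d or name.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, severity) for every non-local mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_local(ip):
            continue
        severity = "high" if is_watched(name, watched) else "review"
        findings.append((line_no, ip, name, severity))
    return findings

if __name__ == "__main__":
    # On a live system, read %SystemRoot%\System32\drivers\etc\hosts instead of SAMPLE.
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

A "high" finding means a watched banking name resolves to an address chosen by the Hosts file rather than by DNS; "review" entries are other non-local mappings that should be explained by an administrator.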
Technical Details
File System Modifications
The following files were created in the system:

File name | File type | Mime Type | Group |
---|---|---|---|
%SystemDrive%\SessionChange_[DATE]_[TIME].log | | unknown/log | Malware file |
%System%\snetcfg.exe | Executable File | unknown/exe | Malware file |
%System%\gb_service.exe | Executable File | unknown/exe | Malware file |
%System%\gb_catchme.exe | Executable File | unknown/exe | Malware file |
%System%\devcon.exe | Executable File | unknown/exe | Malware file |
%System%\registro_itau.reg | | unknown/reg | Malware file |
%System%\registro_sicredi.reg | | unknown/reg | Malware file |
%System%\registro_bb.reg | | unknown/reg | Malware file |
%System%\registro_driver.reg | | unknown/reg | Malware file |
%System%\drivers\etc\hosts | | | Malware file |
Registry Modifications
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\auto_gas\"ObjectName" = "LocalSystem"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\auto_gas\"Type" = "0x10"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\auto_gas\"Start" = "0x2"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\auto_gas\"ErrorControl" = "0x0"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\auto_gas\"ImagePath" = "%System%\gb_service.exe"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\NetCfgLockHolder\"(Default)" = "Sample Netcfg Application (netcfg.exe)"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\auto_gas\"DisplayName" = "Auto Gas"
Wham bam thank you, ma'am, my questions are answered!