Trojan:Win32/Reveton.P

Posted: January 31, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 49
First Seen: January 31, 2013
Last Seen: May 22, 2023
OS(es) Affected: Windows

Trojan:Win32/Reveton.P is a ransomware Trojan that affects computer users in certain countries. It locks the compromised computer and displays a localized web page that covers the desktop, alleging a violation of the law and demanding a ransom to unlock the machine. Trojan:Win32/Reveton.P may make system changes that make it difficult for PC users to download, install, run, or update anti-virus software. When installed, it drops potentially malicious files on the system.

Trojan:Win32/Reveton.P propagates via drive-by download attacks, for example those executed by an exploit pack. Once activated on the affected computer, it creates a Windows shortcut file (.LNK) in a particular folder so that it runs automatically every time Windows starts. Trojan:Win32/Reveton.P attempts to avoid firewalls by injecting code into numerous legitimate processes. Avoiding firewalls may enable it to carry out numerous malicious actions on the compromised PC, including, but not limited to, downloading and uploading potentially harmful files.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: %APPDATA%\<RANDOM CHARACTERS>.js
File type: JavaScript file
Mime Type: unknown/js
Group: Malware file

File name: %APPDATA%\<RANDOM CHARACTERS>.pad
Mime Type: unknown/pad
Group: Malware file

File name: %USERPROFILE%\Start Menu\Programs\StartUp\runctf.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
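
The file locations listed above can be checked with a short triage script. This is an added example, not code from the original page; the function names and the constructed sample tree are assumptions, and because the .js and .pad names are random, every such file directly under the %APPDATA% root is reported only as a candidate for review.

```python
import tempfile
from pathlib import Path

# File artefacts listed on this page. The .js/.pad names are random, so any
# file with those extensions directly under %APPDATA% is only a candidate
# (assumption of this example, not a signature from the page).
STARTUP_LNK = "runctf.lnk"
APPDATA_EXTS = {".js", ".pad"}


def find_reveton_artifacts(appdata, startup):
    """Return sorted (kind, path) tuples for files matching the page's list."""
    hits = []
    appdata, startup = Path(appdata), Path(startup)
    if appdata.is_dir():
        for entry in appdata.iterdir():          # root only, not recursive
            if entry.is_file() and entry.suffix.lower() in APPDATA_EXTS:
                hits.append(("candidate-dropped-file", str(entry)))
    if startup.is_dir():
        for entry in startup.iterdir():
            # Windows file names are case-insensitive, so compare lowercased.
            if entry.is_file() and entry.name.lower() == STARTUP_LNK:
                hits.append(("startup-persistence", str(entry)))
    return sorted(hits)


def build_constructed_profile(root):
    """Create a constructed sample profile tree (empty files) for the demo."""
    appdata = Path(root) / "AppData" / "Roaming"
    startup = Path(root) / "Start Menu" / "Programs" / "StartUp"
    nested = appdata / "SomeApp"
    for d in (nested, startup):
        d.mkdir(parents=True)
    for f in (appdata / "qzxkvw.js", appdata / "qzxkvw.pad",
              appdata / "notes.txt", nested / "app.js",
              startup / "RunCTF.lnk", startup / "updater.lnk"):
        f.touch()
    return appdata, startup


if __name__ == "__main__":
    # On a live Windows host, pass the real %APPDATA% and StartUp folders
    # instead of the constructed tree used here.
    with tempfile.TemporaryDirectory() as tmp:
        for kind, path in find_reveton_artifacts(*build_constructed_profile(tmp)):
            print(f"{kind}: {path}")
```

A candidate hit under %APPDATA% is not proof of infection; the startup shortcut is the stronger indicator and should be reviewed first.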