W32.Disttrack
Posted: August 16, 2012
Threat Metric
The fields listed on the Threat Meter, each of which contains a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 16 |
| First Seen: | August 16, 2012 |
| OS(es) Affected: | Windows |
W32.Disttrack is an upgraded variant of the dreaded Shamoon, a worm that invoked significant interest from PC security companies due to its direct attacks against crucial components in the system boot process. Besides including Shamoon's previous features, W32.Disttrack has widened its path of destruction to encompass many other files, including media-related content, and can be even more dangerous to the contents of your PC than the already-vicious Shamoon worm. SpywareRemove.com malware analysts recommend particularly strong network security as one of the most important methods of keeping W32.Disttrack away from your computer, since W32.Disttrack utilizes networks to infect new PCs, an infection vector that Shamoon also used to damage tens of thousands of computers in Middle Eastern attacks.
W32.Disttrack: Putting Your Hard Drive on the Fast Track to Annihilation
W32.Disttrack, like its recent ancestor Shamoon, automatically installs itself through local networks and removable devices when vulnerabilities present themselves. Avoiding unnecessary sharing of USB flash drives and keeping high security settings for network-shared folders should be considered absolutely crucial to minimize W32.Disttrack's distribution. While most Shamoon attacks have been associated with industrial targets (such as the Saudi Aramco oil company), SpywareRemove.com malware experts have noted that W32.Disttrack's functions are just as dangerous to personal computers and lack any strict prerequisites that would limit their targets to any government or business-based systems. Local domains are explicitly targeted by W32.Disttrack's attempts at propagation.
W32.Disttrack, unlike earlier Shamoon-based worms, targets a broad range of files in addition to the MBR (Master Boot Record) and overwrites them with randomized data (as opposed to the burning flag image that was preferred by Shamoon). Files that SpywareRemove.com malware experts can confirm as being targeted in W32.Disttrack's data-overwriting attacks include any files that are in a folder or subfolder whose name contains any of the following text strings:
- Desktop
- Document
- Download
- Music
- Picture
- Video
For example, any stored content in the default Windows folder 'My Documents' would be overwritten by W32.Disttrack. So far, SpywareRemove.com malware analysts note that files that are in locations that don't reference these text strings are unaffected by W32.Disttrack's attacks.
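The folder-name rule described above can be turned into a simple monitoring check. The following is an added example, not code from SpywareRemove.com or from any vendor: it flags a process that writes to many files under the listed folder names within a short time. The event tuple format, the thresholds, case-insensitive matching, and all process names and paths are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Folder-name strings listed on the page.
TARGET_STRINGS = ("Desktop", "Document", "Download", "Music", "Picture", "Video")

def matched_strings(path):
    """Listed strings found in any folder component of a Windows path.
    Case-insensitive matching is an assumption; the file name is ignored."""
    folders = PureWindowsPath(path).parent.parts
    return {s for s in TARGET_STRINGS
            for part in folders if s.lower() in part.lower()}

def flag_processes(events, window=60, min_files=4, min_categories=2):
    """events: (epoch_seconds, process, path) file-write records.
    Flag a process that writes >= min_files distinct in-scope files covering
    >= min_categories listed strings within `window` seconds (assumed limits)."""
    by_proc = defaultdict(list)
    for ts, proc, path in events:
        cats = matched_strings(path)
        if cats:
            by_proc[proc].append((ts, path, cats))
    flagged = {}
    for proc, hits in by_proc.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            win = hits[start:end + 1]
            files = {p for _, p, _ in win}
            cats = set().union(*(c for _, _, c in win))
            if len(files) >= min_files and len(cats) >= min_categories:
                flagged[proc] = sorted(cats)
                break
    return flagged

# Constructed sample events; process names and paths are hypothetical.
SAMPLE_EVENTS = [
    (1000, "backup.exe", r"C:\Users\amy\Documents\report.docx"),
    (1002, "svc_a.exe", r"C:\Users\amy\My Documents\plan.xlsx"),
    (1003, "svc_a.exe", r"C:\Users\amy\Desktop\notes.txt"),
    (1004, "svc_a.exe", r"C:\Users\amy\Music\a.mp3"),
    (1005, "svc_a.exe", r"C:\Users\amy\Pictures\2012\b.jpg"),
    (1006, "svc_a.exe", r"C:\Temp\Music.txt"),  # name matches, folder does not
    (5000, "backup.exe", r"C:\Users\amy\Downloads\setup.zip"),
]
if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

The same `matched_strings` check can be run over a backup manifest to confirm that every folder covered by the list above is included in an offline copy.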
The Trouble in Catching W32.Disttrack Red-Handed
W32.Disttrack, just like its close relative Shamoon, also deletes itself and overwrites the MBR in the final stages of its attack. This causes the W32.Disttrack-infected PC to be unable to boot while also removing most traces of the original W32.Disttrack infection's existence. Because recovery from such attacks requires that you repair your MBR with an appropriate OS installer, SpywareRemove.com malware analysts recommend that you use anti-malware software to block W32.Disttrack infections proactively, rather than attempting to delete W32.Disttrack after W32.Disttrack has already compromised your PC.
Files that are overwritten by W32.Disttrack can be considered no better than deleted, and, in light of Shamoon's continued development under the name of W32.Disttrack, this should be considered an excellent reason to make regular backups of important files. Remote backups on separate USB devices can be considered ideal to prevent any possibility of W32.Disttrack infecting your backups along with the originals.