TROJ_KILLDISK.X
Aliases: Trojan:Win32/KillDisk.M (Microsoft), Trojan.SystemKiller (Malwarebytes), Win32/KillDisk.NBD (ESET-NOD32)
Platform: Windows
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
Infection Channel: Downloaded from the Internet, Dropped by other malware
This malware is related to the recent BlackEnergy targeted attacks that affected industries in Ukraine.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
File Size: 98,304 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 01 Jan 2016
Payload: Terminates processes, Corrupts hard disk, Restarts system, Deletes files
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Other System Modifications
This Trojan deletes files with the following extensions:
- .crt
- .bin
- .exe
- .db
- .dbf
- .djvu
- .doc
- .docx
- .xls
- .xlsx
- .jar
- .ppt
- .pptx
- .tib
- .vhd
- .iso
- .lib
- .mdb
- .accdb
- .sql
- .mdf
- .xml
- .rtf
- .ini
- .cfg
- .boot
- .txt
- .rar
- .msi
- .zip
- .jpg
- .bmp
- .jpeg
- .tiff
Process Termination
This Trojan terminates the following processes if found running in the affected system's memory:
- komut.exe
- sec_service.exe
Other Details
This Trojan does the following:
- Modify Account Control
- Wipe Master Boot Record Data
- Destroy the affected system by corrupting critical system files
- Reboot the system
SOLUTION
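Minimum Scan Engine: 9.800
First VSAPI Pattern File: 12.246.02
First VSAPI Pattern Release Date: 01 Jan 2016
VSAPI OPR Pattern File: 12.247.00
VSAPI OPR Pattern Release Date: 02 Jan 2016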
Restore the deleted files from backup. Only Microsoft-related files will be restored. If this malware/grayware also deleted files related to programs that are not from Microsoft, please reinstall those programs on your computer.
NOTES:
Restore the system from backup or reinstall the operating system.