General Explanation
Type: Worm
Degree of destruction: high
Prevalence: High
What is a worm?
Computer worms such as Macoute are malware that can replicate themselves. For persistence, a worm sets up a way to restart the infection at every system boot. The distinguishing feature of worms is how they spread, which is typically through portable drives and shared directories on the network.
What is Macoute malware?
This malware records the keys pressed on the user's system; by this means it can capture sensitive information such as banking data and user passwords and send it to its server. Its distribution method is to look for portable drives and, when one is found, place a copy of itself in every folder on that drive and give the copy the folder icon, so that the copy is mistaken for the original folder.
Technical Explanation
This malware has a keylogger module that records the keys pressed on the keyboard. The keylogger works as follows: it creates a file named Iosystem.dll, stores the captured keystrokes in it, and sends it to its server. The malware is also re-run at every system reboot. It checks the type of each drive and, if a drive is a portable drive, creates a copy of itself in every folder on that drive and gives the copy the folder icon.
Signs of infection
- A folder named win in the Program Files path, containing a copy of the malware as an .exe file that carries a Windows folder icon.
- A folder named dll in the %temp% path.
- The malware registers its executable under the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.
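The following PowerShell triage script is an added example, not Padvish's tooling, that checks a host for the three signs listed above. It assumes the win folder sits directly under Program Files (both the 64-bit and 32-bit directories are checked), the dll folder directly under %temp%, and that Iosystem.dll, whose location the text does not give, may be found inside either folder.

```powershell
# Added triage check for the Macoute indicators listed above (not Padvish's code).
# Assumptions: win folder directly under Program Files, dll folder directly under
# %temp%; Iosystem.dll searched for inside those two folders (location is a guess).
$ProgramFilesDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$SuspectDirs = @()
foreach ($pf in $ProgramFilesDirs) { $SuspectDirs += Join-Path $pf 'win' }
$SuspectDirs += Join-Path $env:TEMP 'dll'

$Findings = @()

# 1. Folders named in the "Signs of infection" list, plus any .exe or Iosystem.dll inside them
foreach ($dir in $SuspectDirs) {
    if (Test-Path -LiteralPath $dir -PathType Container) {
        $Findings += "Suspicious folder present: $dir"
        Get-ChildItem -LiteralPath $dir -File -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -ieq '.exe' -or $_.Name -ieq 'Iosystem.dll' } |
            ForEach-Object { $Findings += "  file: $($_.FullName)" }
    }
}

# 2. Run-key entries (persistence at every boot) whose command points into those folders.
#    The WOW6432Node view is included because a 32-bit process on 64-bit Windows writes there.
$RunKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run')
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $RunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($MetaProps -contains $p.Name) { continue }   # skip provider metadata, keep real entries
        $value = [string]$p.Value
        foreach ($dir in $SuspectDirs) {
            if ($value -like "*$dir*") { $Findings += "Run entry '$($p.Name)' -> $value" }
        }
    }
}

if ($Findings.Count -eq 0) { 'No Macoute indicators found.' } else { $Findings }
```

A hit on any of these alone is a reason to scan the host, not proof of infection; a legitimate product may also use a folder named win or dll.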
How to deal with it and disinfect it
Padvish, through its UMP capability, which is part of its behavioral protection, prevents the system from being infected via portable drives. To prevent infection by any malware such as Macoute that spreads through portable drives, it is recommended to install Padvish antivirus.
If your system is infected by Macoute malware, follow these steps:
- Install Padvish on your system.
- Plug in the infected portable drive.
- Scan the drive with Padvish to disinfect both the portable drive and the system.