Regin is a highly advanced piece of malware, publicly identified in late 2014, that had been used to spy on companies, governments and individuals since at least 2008.
It is a cyber espionage tool built for stealth. It is designed for sustained, high-end surveillance, and its encrypted, modular construction allowed it to stay in use for years before anyone identified it. Even once its presence has been detected, working out what it is actually doing is difficult.
Regin is highly flexible and can be customised for a range of tasks: stealing passwords and other sensitive data, infecting further computers, capturing screenshots, hijacking the mouse's point-and-click functions and monitoring network traffic, among others. It bundles a wide range of Trojan capabilities and is regarded as one of the most capable cyber espionage tools yet seen.
Espionage tools of this kind inevitably strain relations between countries; for years the US and China have traded accusations of cyber espionage in the news. Regin's targets are mainly telecommunications companies and Internet service providers, with the largest shares of infections found in Russia and Saudi Arabia and further cases in India and Mexico.
Once Regin is installed, it interferes with the machine's normal operation while keeping its own components hidden. The framework is made up of five stages, each stored concealed and encrypted except for the first, whose only job is to decrypt and execute the next. Because each stage on its own reveals very little about the overall structure, understanding what Regin does requires recovering and analysing all of the stages together.
Regin can be removed manually in the following steps. Bear in mind that a multi-stage implant of this kind can leave components behind that a file-and-registry cleanup does not reach, so for a confirmed infection take a forensic image of the disk first and prefer rebuilding the machine from known-good media.
Step 1: Boot into Safe Mode.
On Windows 7/Vista/XP, restart the PC and press F8 repeatedly before the Windows splash screen appears, until the Advanced Boot Options menu is shown.
In the Advanced Boot Options menu, use the up and down arrow keys to highlight Safe Mode and press Enter.
On Windows 8, press Windows Key + C and click Settings. Click Power, then hold the Shift key and click Restart.
Click Troubleshoot, then Advanced options.
Click Startup Settings, then Restart.
When the machine comes back up, press 4 on your keyboard to enable Safe Mode.
Step 2: Delete the files created by Regin.
Because the Trojan places its files in hidden folders, first change the Folder Options so that hidden and protected files are shown.
On Windows 7/Vista, click Start, select Control Panel, select Appearance and Personalization, then click Folder Options.
On the View tab, under Advanced settings, select Show hidden files, folders, and drives, untick Hide protected operating system files, and click OK.
On Windows 8, open Control Panel and click Show hidden files and folders.
On the View tab, under Advanced settings, choose Show hidden files, folders, and drives, untick Hide protected operating system files, and click OK.
Now locate the files and folders created by the Trojan and delete them completely.
Step 3: Delete the registry entries created by the Trojan.
Open the Registry Editor by clicking the Start button, typing regedit in the search field and pressing Enter.
In the Registry Editor, search for the keys and values the Trojan created (autostart locations such as the Run, RunOnce and Services keys are the usual places) and delete them. Export each key before deleting it so the change can be reversed if a legitimate entry is removed by mistake.
Step 4: Once all of the Trojan's files and registry entries have been removed, reboot the computer in normal mode.
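The PowerShell script below is an added example for steps 2 and 3 of the procedure above; it is not code from the original page or from any Regin analysis, and nothing in it is a Regin indicator. It assumes PowerShell 3 or later run from an elevated prompt; the directories it scans, the registry keys it reads, the -Days window and the report folder are ordinary Windows locations and assumptions of the example. It does what "show hidden files" and a regedit search do by hand, but read-only: it writes review lists of recently modified hidden or system files, kernel drivers whose Authenticode signature does not verify, autostart entries, and driver services whose image file is missing or outside the drivers directory, so that any deletion is based on a reviewed list rather than a blind search.

```powershell
#Requires -RunAsAdministrator
# Read-only triage for the manual Regin removal steps (editorial example).
# Reports hidden/system files, unverified drivers, autostart registry
# entries and odd driver services; it never deletes anything itself.
param(
    # Assumption: the analyst sets this to the suspected infection window.
    [int]$Days = 90,
    # Assumption: folder that keeps a record of what was found, for review.
    [string]$ReportDir = "$env:USERPROFILE\Desktop\regin-triage"
)

$cutoff = (Get-Date).AddDays(-$Days)
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

function Save-Report([object[]]$Rows, [string]$Name) {
    # Write one CSV per finding type and print a one-line summary.
    $path = Join-Path $ReportDir "$Name.csv"
    if ($Rows.Count -gt 0) { $Rows | Export-Csv -LiteralPath $path -NoTypeInformation }
    Write-Host ("{0,-40} {1,5}  -> {2}" -f $Name, $Rows.Count, $path)
}

# --- Step 2: what "Show hidden files" reveals, done programmatically --------
# Explorer hides Hidden and System files by default; Get-ChildItem does the
# same unless -Force is given. Standard Windows locations, not indicators.
$dirs = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\System32\drivers",
    "$env:SystemRoot\Temp",
    "$env:ProgramData",
    $env:TEMP
)
$hiddenRecent = foreach ($d in $dirs) {
    Get-ChildItem -LiteralPath $d -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (($_.Attributes -band [IO.FileAttributes]::Hidden) -or
             ($_.Attributes -band [IO.FileAttributes]::System)) -and
            $_.LastWriteTime -gt $cutoff
        } |
        Select-Object FullName, Attributes, Length, LastWriteTime
}
Save-Report $hiddenRecent 'hidden-recent-files'

# Kernel drivers deserve a closer look: a driver whose signature does not
# verify and which was written inside the window goes to the top of the
# review list. On Windows 7, catalog-signed Microsoft drivers can report
# NotSigned here, so treat this as triage, not as proof of tampering.
$suspectDrivers = Get-ChildItem -LiteralPath "$env:SystemRoot\System32\drivers" -Filter *.sys -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Path      = $_.FullName
                SigStatus = $sig.Status
                Modified  = $_.LastWriteTime
                Recent    = ($_.LastWriteTime -gt $cutoff)
            }
        }
    } | Sort-Object -Property Recent, Modified -Descending
Save-Report $suspectDrivers 'drivers-unverified-signature'

# --- Step 3: registry entries that start code at boot or logon --------------
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autostarts = foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $props = Get-ItemProperty -LiteralPath $k
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PS* bookkeeping properties; skip only those.
        if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
    }
}
Save-Report $autostarts 'autostart-entries'

# Kernel-mode drivers are loaded through service entries (Type = 1). Flag
# those whose image file cannot be found or lives outside the drivers
# directory; both are unusual for a legitimate driver.
$driverSvcs = Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        if ($p.Type -eq 1 -and $p.ImagePath) {
            # ImagePath may be relative to the Windows directory or carry a
            # \SystemRoot\ or \??\ prefix; normalise before testing it.
            $img = $p.ImagePath -replace '^\\SystemRoot\\', "$env:SystemRoot\" -replace '^\\\?\?\\', ''
            if ($img -notmatch '^[A-Za-z]:\\') { $img = Join-Path $env:SystemRoot $img }
            $exists    = Test-Path -LiteralPath $img
            $inDrivers = $img -like "$env:SystemRoot\System32\drivers\*"
            if (-not $exists -or -not $inDrivers) {
                [pscustomobject]@{ Service = $_.PSChildName; ImagePath = $img; Exists = $exists; Start = $p.Start }
            }
        }
    }
Save-Report $driverSvcs 'driver-services-odd-image'

Write-Host "Review the CSVs in $ReportDir before deleting anything."
```

Run it after step 1, from an elevated PowerShell prompt in Safe Mode, then work through the CSVs and remove only entries you have confirmed with Remove-Item and Remove-ItemProperty (exporting the registry key first). Safe Mode itself can also be reached without the menus: an elevated `bcdedit /set {current} safeboot minimal` followed by a reboot enters it, and `bcdedit /deletevalue {current} safeboot` clears the setting for step 4.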
Download Free Antivirus Software:
Free Internet Security Software: https://www.comodo.com/home/internet-security/free-internet-security.php