
How to remove Regin Malware from your computer

09 Sep

A new and highly advanced piece of malicious code called Regin has been identified; it has been used to spy on companies, governments and individuals since early 2008.

This malware is known as a cyber-espionage tool and is engineered so that it cannot be detected by other sources. It is designed for high-end mass surveillance, and its features make it capable of remaining in use for many years. It has also been observed that even when its presence is identified, it is very difficult to determine what it is actually doing.

Regin is highly flexible and can be customized to steal passwords and other important data, infect computers and capture screenshots. It houses a wide range of Trojan capabilities. It can also hijack the point-and-click functions of the mouse, and its other capabilities include network traffic monitoring and much more. It is rated as the foremost cyber-espionage tool.

Most malware is created to strain relations between countries; for many years the news has reported the US and China trading accusations of cyber espionage. Regin's targets are mainly telecommunications companies and Internet Service Providers, and the malware has infected systems across Saudi Arabia, India, Mexico and Russia.

Once Regin is installed on a PC, it interferes with the PC's operation through malicious activities that the malware author keeps hidden in the Trojan's folder. Regin comprises five distinct attack stages, all of them concealed and encrypted except for the first, which starts the decryption process that executes the next stage. Each stage reveals very little about the structure of the malware as a whole, so to understand how it works completely, one has to analyze the malicious activity of every stage.

Regin can be deleted manually in several steps

Step 1: Boot into Safe Mode.
On Windows 7/Vista/XP, restart the PC and press F8 until the Windows 7 splash screen appears.
In the Advanced Boot Options menu, use the up and down arrow keys to highlight Safe Mode, then press Enter.
On Windows 8, press Windows Key + C and click Settings. Click Power, then hold the Shift key on your keyboard and click Restart.
Click Troubleshoot, then click Advanced options.
Click Startup Settings, then click Restart.
Press 4 on your keyboard to enable Safe Mode.

Step 2: Delete the files created by Regin.

Because the Trojan places its files in hidden folders, the first thing to do is change the Folder Options settings so that hidden and protected files are shown.
On Windows 7/Vista, click Start, select Control Panel, select Appearance and Personalization, then click Folder Options.
Select the View tab; under Advanced Settings, select Show hidden files, then click OK.

On Windows 8, open Control Panel and choose the option for hidden files and folders.
On the View tab, under Advanced Settings, choose Show hidden files and folders and press OK.
Now search for the files and folders created by the Trojan and delete them completely.

Step 3: Delete the registry entries created by the Trojan.

Open the Registry Editor by clicking the Start button, typing regedit in the search field and pressing Enter.
When the Windows Registry Editor opens, search for the registry keys created by the Trojan and delete them.

Step 4: Once all of the Trojan's registry entries and keys are erased, reboot the computer in normal mode.
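The hidden-file setting from Step 2 and the registry review from Step 3 can also be done from PowerShell. The script below is an added example, not part of the original post: it writes the Explorer Folder Options values and then lists the entries in the common auto-start Run keys (an assumed set of locations, since the post does not name Regin's own files or keys) so they can be inspected before anything is deleted.

```powershell
# Added example (not from the original post). Shows hidden and protected files
# in Explorer, then lists auto-start registry entries for review. Nothing is
# deleted here; deletion is the operator's decision after inspection.

# Step 2 equivalent: the Folder Options "Show hidden files" and "Hide protected
# operating system files" checkboxes are stored in these two values.
# Explorer picks them up after it is restarted (or after logging off and on).
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $explorer -Name Hidden          -Value 1 -Type DWord
Set-ItemProperty -Path $explorer -Name ShowSuperHidden -Value 1 -Type DWord

# Step 3 aid: common auto-start locations. This is an assumed list of places
# where persistent malware commonly registers itself; the post does not name
# Regin's own registry keys, so rely on vendor indicators for those.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # skip provider metadata
            $cmd = [string]$p.Value
            # The executable path is the quoted part, or else the first token.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $file = Get-Item -LiteralPath $exe -Force -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Key       = $key
                Name      = $p.Name
                Command   = $cmd
                Exists    = [bool]$file
                Hidden    = [bool]($file -and (($file.Attributes -band [IO.FileAttributes]::Hidden) -ne 0))
                System    = [bool]($file -and (($file.Attributes -band [IO.FileAttributes]::System) -ne 0))
                # Unsigned or tampered binaries in an auto-start key deserve a closer look.
                SigStatus = if ($file) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { 'n/a' }
            }
        }
    }
}

Get-AutostartEntry | Format-Table -AutoSize
```

Entries whose binary is hidden, missing, or not validly signed are the ones to investigate first; compare anything suspicious against vendor write-ups before removing it.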

Useful Resources:

Download Free Antivirus Software:   https://antivirus.comodo.com

Free Internet Security Software: https://www.comodo.com/home/internet-security/free-internet-security.php


Posted by on September 9, 2015 in malware, security software
