Gromozon Rootkit Removal Tool description
A small utility that can rapidly detect and remove the Gromozon rootkit
Unfortunately the Gromozon Rootkit isn’t a single infection, but a blended attack designed to bypass traditional antimalware security applications.
The end result meaning that the machine is not only infected by several well known Trojans but also a highly dangerous Rootkit. Traditional AV vendors are at the moment dealing with the known infections, but overlooking the rootkit.
Here is how you could get infected with the Gromozon rootkit:
· A server side script will be run to analyse the user agent (web browser) under which the user is visiting. Different attack methods are then launched depending on whether the user is running Opera, Firefox or Internet Explorer.
· For Internet Explorer, the victim is presented with the option to install an ActiveX control called FreeAccess.ocx This is actually copied into the Microsoft Windows system32 folder as a randomly named DLL.
· Firefox and Opera undergo a very clever piece of social engineering. What appears to be a link to www.google.com is presented to the victim. This unfortunately is not a hyperlink but in fact a cleverly hidden .com file. Once accepted and run, a randomly named DLL is again installed to the windows system32 folder.
· Once the DLL agent is installed, various pieces of Adware are downloaded and installed onto the machine. Examples are the Bravesentry and LinkOptimizer Trojans. The real payload is then downloaded to the victim’s computer. Both a Rootkit and service component are installed along with a hidden windows user account. The main purpose of this is to enable the Adware which was previously installed to be hidden from any Anti-malware tools installed on the machine
Please comments and give ratings. You may also report of broken or incorrect link using comments box below. Thanks!