New Malware Detected
Beware of running executable (.exe) files. We found this persistent infection on a machine and took a copy of it to upload for analysis. WARNING: this trojan could not be removed by most anti-virus applications (we tested about ten) because it replicates itself and installs a quiet remote-access tool (RAT) built on the legitimate Supremo remote desktop software, which it uses to restore itself after a clean-up. It also escalates privileges and installs a rootkit that gives the attacker complete access to the machine while locking you out of it. The process was found in a hidden directory, C:\ProgramData\WeatherBug\, and had created 119 registry records.
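As an added triage aid, not part of the original post and not the vendor's tooling, the following PowerShell script checks a machine for the indicators the post actually gives: the hidden C:\ProgramData\WeatherBug\ directory, the SetupNow.exe and Supremo executables inside it, and registry entries that point at them. Which persistence locations the sample uses is not stated above, so the script searches the standard Windows autostart keys, services and scheduled tasks; that choice is an assumption. It is read-only and is meant to be run from an elevated PowerShell prompt.

```powershell
# Added triage script; not from the original post. Assumed indicators are taken from
# the post (directory, file names); the autostart locations searched are the usual
# Windows persistence points and are an assumption about this sample.
# Read-only: it reports findings and hashes samples, it does not delete anything.

$Indicator = 'C:\ProgramData\WeatherBug'
$Pattern   = 'WeatherBug|Supremo|SetupNow'

# 1. The dropped directory: is it present, is it hidden, and what executables does it hold?
if (Test-Path -LiteralPath $Indicator) {
    $dir = Get-Item -LiteralPath $Indicator -Force          # -Force shows hidden items
    "[+] Directory present: $Indicator (attributes: $($dir.Attributes))"
    Get-ChildItem -LiteralPath $Indicator -Recurse -Force -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            # SHA-256 hashes let you submit or look up the exact sample
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256
            "    {0}  {1}" -f $h.Hash, $_.FullName
        }
} else {
    "[-] Directory not found: $Indicator"
}

# 2. Running processes started from that directory or named like the dropped binaries
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -like "$Indicator*" -or $_.Name -match $Pattern } |
    ForEach-Object { "[+] Process: PID {0} {1} ({2})" -f $_.ProcessId, $_.Name, $_.ExecutablePath }

# 3. Autostart registry values that reference the directory or the Supremo binary
$AutoRunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $AutoRunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }               # skip PowerShell's own metadata
        if ("$($p.Value)" -match $Pattern) {
            "[+] Autorun value: {0}\{1} = {2}" -f $key, $p.Name, $p.Value
        }
    }
}

# 4. Services whose binary path points at the indicators
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $Pattern } |
    ForEach-Object { "[+] Service: {0} -> {1} ({2})" -f $_.Name, $_.PathName, $_.State }

# 5. Scheduled tasks whose action runs one of the indicator binaries
Get-ScheduledTask | ForEach-Object {
    $task = $_
    $task.Actions |
        Where-Object { "$($_.Execute) $($_.Arguments)" -match $Pattern } |
        ForEach-Object { "[+] Scheduled task: {0}{1} -> {2}" -f $task.TaskPath, $task.TaskName, $_.Execute }
}
```

A clean result from this script is not proof of a clean machine: the post says the sample installs a rootkit, and a rootkit can hide files, processes and registry keys from exactly the user-mode tools used here. Treat the output as a starting point for collecting samples and confirming the infection, then examine the disk from trusted boot media or rebuild the machine.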
Sophos responded to the uploaded samples with:
“1. SetupNow.exe is a New detection: App/DealPly-DD is Published in mdro-idq.ide at 2018-04-15 12:08 BST.
2. Supremo (1).exe is an Updated detection: AppC/Suprem-Gen is Published in rans-blj.ide at 2015-10-15 16:00 BST.”
At the moment, Sophos is the only one of the anti-virus applications we tested that has signatures for this strain. You can get a license for your business by contacting us directly for a quote. Meanwhile, keep yourself safe by following these tips:
Tip 1: Keep backups of your files, stored somewhere the infected machine cannot reach; an attacker with the kind of access described above can otherwise tamper with the backups as well.
Tip 2: Don’t download or open anything suspicious, and in particular do not run .exe files you were not expecting.
Tip 3: Use live protection software such as Sophos Home (Sophos Endpoint for businesses). It will block the program before it gets a hold of your machine; however, it cannot undo damage that has already been done, so follow Tip 1 first.