DV Hardware software and download news

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news about processors, graphics cards, memory, NVIDIA, ATi, Intel, AMD, XGI
January 25, 2021 
Main Menu
News archives

Who's Online
There are currently 242 people online.


Latest Reviews
ASUS ROG Strix B450-F Gaming Motherboard
Sonos Move
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse

Follow us

Gromozon Rootkit Removal Tool

Posted on Monday, January 01 2007 @ 15:18:43 CET by

Unfortunately Gromozon is not a single infection, but a blended attack designed to bypass traditional anti-malware tools. The end result meaning that the machine is not only infected by several well known Trojans but also a highly dangerous Rootkit. Traditional AV vendors are at the moment dealing with the known infections but overlooking the rootkit.

The path of infection is thus:

• On visiting an infected website an obfuscated JavaScript is run.

• The user is forwarded to another site which contains a further obfuscated JavaScript. This connects to a network of websites which are used to launch the infection routine. These websites are constantly changing and since May 2006 have become considerably more numerous

• A server side script is run to analyse the user agent (web browser) under which the user is visiting. Different attack methods are then launched depending on whether the user is running Opera, Firefox or Internet Explorer.

For Internet Explorer, the victim is presented with the option to install an ActiveX control called FreeAccess.ocx This is actually copied into the Windows system32 folder as a randomly named DLL.

Firefox and Opera undergo a very clever piece of social engineering. What appears to be a link to www.google.com is presented to the victim. This unfortunately is not a hyperlink but in fact a cleverly hidden .com file. Once accepted and run, a randomly named DLL is again installed to the windows system32 folder.

• Once the DLL agent is installed, various pieces of Adware are downloaded and installed onto the machine. Examples are the Bravesentry and LinkOptimizer Trojans. The real payload is then downloaded to the victim's computer. Both a Rootkit and service component are installed along with a hidden windows user account. The main purpose of this is to enable the Adware which was previously installed to be hidden from any Anti-malware tools installed on the machine
Program Information

Tools and Utilities

Works on:

Product page: here

Download: Gromozon Rootkit Removal Tool


DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2021 DM Media Group bvba