Trojan.Reveton.C is a Trojan infection that changes the Internet browser settings in order to connect to predetermined servers. It does not prompt the user in any way, and the installation is carried out behind the user's back. Trojan.Reveton.C's files are dropped into the Start Menu directory together with all the other programs. The exact location of these files varies depending on the operating system. For example, on Windows XP and 2003, Trojan.Reveton.C drops its files in the USERPROFILE\Start Menu\Programs\Startup directory, while on Windows Vista or 7 its files can be found at USERPROFILE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.
To avoid being detected and removed from the computer, Trojan.Reveton.C injects its own code into legitimate processes, successfully hijacking them. No browser can escape the hijacking, because the Trojan's code gets injected into the chrome.exe, firefox.exe, iexplore.exe and opera.exe processes. The Startup folder also contains a shortcut file called ctfmon.lnk that leads to the copy of Trojan.Reveton.C.
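The Startup-folder check described above can be scripted. The following is an added example, not part of the original write-up: it looks in every user profile under a given root (a live profiles directory or a mounted disk image) for the ctfmon.lnk shortcut in the two Startup locations named here. The function names and the constructed sample tree are assumptions made for illustration.

```python
import sys
import tempfile
from pathlib import Path

# Startup locations relative to a user profile, as given in the description.
STARTUP_DIRS = {
    "Windows XP/2003": Path("Start Menu/Programs/Startup"),
    "Windows Vista/7": Path(
        "AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup"),
}
INDICATOR = "ctfmon.lnk"  # shortcut name given in the description


def find_startup_indicator(profiles_root):
    """Return (profile, os_family, path) for every ctfmon.lnk in a Startup folder."""
    root = Path(profiles_root)
    hits = []
    if not root.is_dir():
        return hits
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        for os_family, rel in STARTUP_DIRS.items():
            startup = profile / rel
            if not startup.is_dir():
                continue
            for entry in sorted(startup.iterdir()):
                # Windows file names are case-insensitive, so compare case-folded.
                if entry.name.casefold() == INDICATOR:
                    hits.append((profile.name, os_family, str(entry)))
    return hits


def build_sample_profiles(root):
    """Constructed sample tree: two profiles with the shortcut, one without."""
    xp = Path(root) / "alice" / STARTUP_DIRS["Windows XP/2003"]
    w7 = Path(root) / "bob" / STARTUP_DIRS["Windows Vista/7"]
    clean = Path(root) / "carol" / STARTUP_DIRS["Windows Vista/7"]
    for folder in (xp, w7, clean):
        folder.mkdir(parents=True)
    (xp / "ctfmon.lnk").write_bytes(b"")
    (w7 / "CTFMON.LNK").write_bytes(b"")  # upper-case variant must still match
    (clean / "notepad.lnk").write_bytes(b"")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = find_startup_indicator(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_profiles(tmp)
            results = find_startup_indicator(tmp)
    for profile, os_family, path in results:
        print(f"{profile}: {INDICATOR} found ({os_family} layout): {path}")
```

A match only says the shortcut exists; inspect its target before deleting it and the file it points to.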
The symptoms of Trojan.Reveton.C are fairly obvious. It modifies the registry to disable the "Protected mode is currently turned off for the Internet zone" message that is displayed in Internet Explorer. It also locks Internet Explorer's toolbar to prevent the user from undoing the modifications. Then, Trojan.Reveton.C connects to 18.104.22.168 or wilber.com via ports 80 or 443 and contacts the remote hosts to carry out its payload.
Usually, once the connection is established, Trojan.Reveton.C confirms Internet connectivity and reports to the attacker that another computer has been infected. Then it receives configuration data and performs various actions based on the attacker's plans. It can also download and execute malicious files, infecting your system with other types of malware. In addition, it can collect various system data and upload it to the remote server.
Since this infection breaches your system security and slows down your computer, you need to remove Trojan.Reveton.C as soon as possible. For manual removal, refer to the files below this description, and delete all of them from your computer. For automatic removal, acquire a computer security application and allow it to terminate Trojan.Reveton.C for good.
- Can't change my homepage
- Connects to the internet without permission
- Installs itself without permissions
- Slow Computer
- Slow internet connection
- System crashes