Trojan.Win32.Diabolo

From Total Malware Info

The description for Trojan.Win32.Diabolo was created during the beta test of the «Malware description on demand» service. Learn more at: www.dnt-lab.com/en/services.

Trojan.Win32.Diabolo is a trojan that blocks the user's desktop. It is a Windows (PE-EXE) application. Its size is 173,056 bytes. It was created in Delphi.

Installation

The trojan copies its executable to:

c:\windows\Comment.exe

The trojan adds the following registry value so that it starts automatically at system boot:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DirX=c:\windows\Comment.exe

Payload

The trojan blocks the user's desktop after 45 seconds of runtime. It shows the following figure in the center of the desktop:

[Figure: Diabolo 0.png]

To unblock the desktop, click twice in the top-left corner. The following window appears:

[Figure: Diabolo 1.png]

Type «DIABOLO» there and click the «Achtung!» message twice.

Removal instructions

  1. Terminate the malware process using Task Manager.
  2. Remove the trojan's original executable (its location depends on how the trojan penetrated the computer).
  3. Remove the following value from the system registry key:
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    DirX=c:\windows\Comment.exe
  4. Delete the file:
    c:\windows\Comment.exe
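
Steps 1, 3 and 4 above can be scripted. The following PowerShell is an added example, not part of the original description; it leaves step 2 to the operator because the original executable's location is unknown. The WOW6432Node key and the file-size check against the 173,056 bytes stated above are assumptions added here as safeguards.

```powershell
# Added example (not from the original page). Save as a .ps1 file and run from an
# elevated PowerShell prompt; pass -WhatIf first to see what would be changed.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$DropPath  = 'C:\Windows\Comment.exe'   # dropped copy named on the page
$ValueName = 'DirX'                     # autorun value named on the page
$KnownSize = 173056                     # file size in bytes given on the page
$RunKeys   = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',             # from the page
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'  # assumption: 32-bit view on 64-bit Windows
)

# Step 1: terminate any process running from the dropped copy.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($_.Path -ieq $DropPath) } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess("PID $($_.Id) ($($_.Path))", 'Stop process')) {
            Stop-Process -Id $_.Id -Force
        }
    }

# Step 3: remove the autorun value, but only if it really points at Comment.exe.
foreach ($key in $RunKeys) {
    $data = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if (-not $data) { continue }
    if ($data -ilike '*\Comment.exe*') {
        if ($PSCmdlet.ShouldProcess("$key : $ValueName = $data", 'Remove registry value')) {
            Remove-ItemProperty -Path $key -Name $ValueName
        }
    } else {
        Write-Warning "$key : $ValueName points to '$data'; left in place."
    }
}

# Step 4: delete the dropped copy; a size mismatch is reported instead of deleted.
$file = Get-Item -LiteralPath $DropPath -Force -ErrorAction SilentlyContinue
if (-not $file) {
    Write-Output "$DropPath not found."
} elseif ($file.Length -ne $KnownSize) {
    Write-Warning "$DropPath is $($file.Length) bytes, expected $KnownSize; review before deleting."
} elseif ($PSCmdlet.ShouldProcess($DropPath, 'Delete file')) {
    Remove-Item -LiteralPath $DropPath -Force
}
```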