
Remove Infostealer.Boyapki.D

Millions of malware attacks happen every single day. The attackers come from all over the world and have different motivations for what they do. Some malware authors attack computer systems for the money. Some are politically motivated. Some just do it for kicks, while others just want to watch the world burn. Conspiracy theorists also believe that malware is written by antimalware companies so they can keep selling their products. It is quite logical, because who would want to buy antimalware software if there were no malware attacks? That is still a topic of debate, so we’ll just leave that be for now. One of the most dangerous kinds of malware is the kind that infiltrates your computer and steals your important data. Attacks of this kind have already put a lot of people’s lives in jeopardy and financial ruin.

Infostealer.Boyapki.D is an example of malware that steals information from infected computers. Technically, it is classified as a Trojan horse. It was first detected by IT security experts on January 28, 2016, which is quite recent. It can infect computers running the Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, and Windows XP operating systems. This Trojan horse could be infecting up to thousands of computers by now.

This Trojan spreads through downloads from torrents and shady websites. Once it has entered your computer, it automatically creates the following registry entry to make sure it runs every time the infected computer starts.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ipv4" = "%System%\rundll32.exe %Temp%\[RANDOM FOLDER NAME]\[RANDOM FILE NAME].dll\,CallWindows"
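A check for the persistence pattern shown above (a Run value that starts rundll32.exe on a DLL stored under a Temp folder), written as an added example that is not part of the original article. It reads the text output of `reg query`; the sample output, user name, folder and file names are constructed for illustration.

```python
import re

# Constructed sample of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`
# output. User name, folder and DLL names are made up for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    ipv4    REG_SZ    C:\Windows\System32\rundll32.exe C:\Users\kim\AppData\Local\Temp\qzxv\wmtk.dll,CallWindows
    PrinterHelper    REG_SZ    rundll32.exe C:\Windows\System32\printui.dll,PrintUIEntry /Xg
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
RUNDLL32 = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)
# A .dll path below %Temp%/%TMP% or any directory literally named Temp
TEMP_DLL = re.compile(r"(%te?mp%|\\temp)\\[^,\"]*\.dll", re.IGNORECASE)


def parse_run_values(reg_query_output):
    """Return {value_name: data} from `reg query` text output."""
    values = {}
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values


def suspicious_run_values(reg_query_output):
    """Flag autoruns where rundll32 loads a DLL from a Temp directory."""
    hits = []
    for name, data in parse_run_values(reg_query_output).items():
        if RUNDLL32.search(data) and TEMP_DLL.search(data):
            # Text after the last comma is the exported function rundll32 calls
            export = data.rsplit(",", 1)[1].strip() if "," in data else ""
            hits.append((name, export))
    return hits


if __name__ == "__main__":
    for name, export in suspicious_run_values(SAMPLE_REG_QUERY):
        print(f"review Run value {name!r}: rundll32 loads a Temp DLL (export {export!r})")
```

Legitimate software rarely autostarts a DLL out of a Temp folder, so a hit is a reason to inspect the file, not proof of this particular Trojan.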

It then steals files (.cer and .der) from the NPKI folder and sends them to the following servers:

fuckbangzi.lofter.com

100.43.160.70

The Trojan will also redirect internet traffic on the infected computer to the following sites:


To remove Infostealer.Boyapki.D, first disconnect your computer from the internet so that it stops sending data to the attacker’s server. Then boot your computer into “Safe Mode”. You can now run a full scan with your preferred antivirus program. You can use antimalware programs from Avast, McAfee, Norton, Malwarebytes, AVG, and SuperAntiSpyware. A full scan with one of these reputable programs will usually remove Infostealer.Boyapki.D. After the full scan, restart your computer for the changes to take effect.

Always be mindful of the websites that you visit and the files that you download from torrent sites. To stay out of trouble, always use reputable IT security software.


ARP Spoofing


ARP spoofing is a method that hackers use to send spoofed or hacked ARP (Address Resolution Protocol) messages to a Local Area Network (LAN). The hacker can redirect traffic that was meant for the host or target default gateway so that it is directed to the hacker’s IP address. This can be a precursor to a DDoS (Distributed Denial of Service) attack, session hijacking, or man-in-the-middle attacks. An undetected and untreated ARP spoofing attack can disable and destroy small home LANs or large corporate servers. A lot of server takedowns in the past few years started with this kind of method.

Hacktool.ARPSniffer is one of the tools capable of disrupting and stopping traffic through ARP spoofing. This malware was first detected on February 6, 2007 and has infected thousands of computers running the Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, and Windows XP operating systems. There is also a big chance that systems running Windows Server 2003 and Server 2008 could be infected. Once it has infiltrated your network, it can overload and bust your servers and routers by overwhelming them with internet traffic. You don’t need to remove Hacktool.ARPSniffer if you have installed decent and trusty firewall software, as it would not be able to penetrate your system.

If your system gets infected with this malware, you will notice that network communication becomes slower or stops altogether. You will also notice disruption of your internet service. To remove Hacktool.ARPSniffer, you need to disconnect the infected computer from your Local Area Network. After that, disable System Restore. Once System Restore has been disabled, reboot your computer into Safe Mode. Once there, run the small yet useful program named RKill. This nifty piece of software will disable services that are related to malware. After that, you can run a full scan with your preferred anti-malware software. You can use Malwarebytes, Norton Antivirus, SuperAntiSpyware, Avast, or AVG. These are the best on the market and will be more than enough to remove Hacktool.ARPSniffer. You will need to restart your computer for the changes to take effect.

Getting your network attacked can be a hassle, because not only will your internet connection be disrupted, your routers can also be busted. To prevent this kind of attack, it is recommended that you install decent firewall software.
