The Cimuz uninstaller
While checking a server that installs a variant of Trj/Cimuz, I came across a link that pointed to a remover.exe file.
After analyzing the code of the file, I noticed that it uninstalled the same variant of Trj/Cimuz that had been previously installed from that very same server.
I suppose this is how the author runs tests to check that the Trojan works properly and then easily disinfects the machine using the uninstaller.