Wipeout! New Trojan (Trojan.KillFiles.904) Can Obliterate Your Computer

The Russian anti-virus vendor Doctor Web has issued a warning about a new Trojan that can, potentially, delete every single file and folder on a compromised computer.

(If you don’t already know what a Trojan is, then check out this post : What Exactly Is A Trojan?)

Trojan Killfiles

The new Trojan has an appropriate name – Trojan.KillFiles.904 and has been confirmed in the wild since the beginning of this month.

If you are unfortunate enough to be infected with Trojan.KillFiles.904 then all of your files and data are at serious risk.

The Trojan will search all drives on your system, both internal and external, and including small devices such as USB sticks and flash memory cards.

Trojan.KillFiles.904 will search for drives in reverse logical order, i.e. it will look for drive Z: first and A: last.

Whenever it finds a drive it will attempt to remove all files and folders contained on it, whether they are visible or hidden.

Talking of hidden files, if the Trojan cannot delete a file for some reason, such as the fact that it may be currently in use, then it will assign the ‘hidden’ attribute to it, making it inconvenient at best for a user to then find it.

The only files and folders that the Trojan will leave untouched are Windows system files whiich mean that you could actually continue to use your computer as normally whilst being blissfully unaware of what was happening in the background.

The KillFiles.904 Trojan is therefore quite unique because it doesn’t attempt to steal personal data or lead to any kind of extortion from the programmer.

Instead it is designed with the singular purpose of destroying any system it finds its way onto.

Nasty!

As ever, having a good anti-virus program installed is a great way of avoiding such a devastating attack but I would also urge anyone who has large amounts of important information on their computer to back it up on a regular basis, just in case.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. No, it’s not a good question. It’s a stupid question. A file — encrypted or not — is a file. It will be deleted.

  2. Though it probably sounds like idle speculation and paranoia, a very reasonable and viable explanation for the amount of time and effort placed into such seemingly pointless creations is that it is for the benefit of the anti-virus industry. The more dangerous the virus the more paranoia it can instill, encouraging profit and thus active development within the AV industry. One could go so far as to suspect that a larger portion of new viruses come from anti-virus companies themselves than from tech-savvy teens with nothing to gain. Aside from that, there have been many cases in the past of proficient and notorious virus writers being hired by large software firms, including some specializing in digital security no doubt. Paranoia perhaps, but paranoia based in logic.

  3. Guy N. Cognito says:

    What about encrypted files such as with true crypt?

  4. Who knows what motivates someone to create such a Trojan – boredom, misspent youth perhaps?

  5. anonymoose says:

    WTF would people create this shit for? Fucking idiot trolls.

  6. Yeah, it should delete those as well. This trojan isn’t out to farm data (in which case, your encrypted files should not be able to be accessed), just destroy files. Encryption won’t keep files from being erased.

  7. Well the files are encrypted, but not necessarily read/write protected.
    Thats a good question, but my assumption is that it would be gone like the rest of your files

Trackbacks

  1. […] dangerous.┬áThese sites are being used more and more by Hackers for phishing schemes and planting Trojans onto your computer.These types of site attacks are increasing all over the Internet.This is a […]

  2. […] I reckon it is just a new, maybe even clever(?), method of tricking people into installing the latest Trojan.Helpfully Comically, the site advises that installation may be hampered if the user has antivirus […]

  3. […] of the best and most creative methods that are available to malware authors today is to create a Trojan package that is able to upload and install on your computer without the victim having to do […]

  4. […] link led to a video which, if clicked to download a ‘codec’, would instead install a Trojan called OSX/Jahlav-C.Interestingly, this Trojan targets the Mac OS which is normally considered to […]

  5. […] Wipeout! New Trojan (Trojan.KillFiles.904) Can Obliterate Your ComputerWhat Exactly Is A Trojan?Trojan.Kardphisher – Effects And RemovalHow Is The Zbot Trojan Spread Via Fake IRS Emails?Guy Kawasaki Has Twitter Account Hacked. Spreads Malware Link. Mac OS Users Beware.Promise Of Free Tickets Leads To Delta_RQ763.exe TrojanBeware Of The 4th Of July E-card Malware ScamWhat Exactly Does A Trojan Horse Do?What Is A Trojan Horse And Why Should You Worry About It?Microsoft Office Outlook Web Is Being Spoofed By Hackers Cancel reply […]

  6. […] it much thought previously until “Anon” left the following comment on my post about Trojan.Killfiles.904 – Though it probably sounds like idle speculation and paranoia, a very reasonable and viable […]

Speak Your Mind

*