![]() ![]() ![]() If you realize that this bug is on board when it’s just beginning to cause trouble, don’t fail to use the steps below to keep it from going further. #Memz destructive download windowsThe use of Windows installation disc should address the issue. The victim can use the “taskkill /f /im MEMZ.exe” command to terminate the trojan, but the system will remain messed up because of the damaged MBR and partition table. It goes without saying that using a machine compromised by such a disruptive malware is pretty much impossible. Now enjoy the Nyan Cat…” Indeed, then comes the Nyan Cat animation and sound. Rebooting the computer triggers the final Memz payload, where the user will see the following message, “Your computer has been trashed by the Memz trojan. Finally, the infection will be making snapshots of the screen and display those at a growing rate as part of the tunnel effect. On the next stage of the attack, Memz inverts screen color every second. The victim starts noticing the mouse cursor move on its own, and the operating system begins generating error messages and attendant bleeping sounds. It will display random websites or search results for various odd queries, for instance “what happens if you delete system32” or “Internet Explorer is the best browser”. This spooky notification will be followed by the default web browser being haphazardly opened without any such action on the user’s end. The alert says, “Your computer won’t boot up again, so use it as long as you can! Trying to kill Memz will cause your system to be destroyed instantly, so don’t try it.” Once triggered, it displays note.txt Notepad window with a warning message in it. The payload is available as an executable (.exe) or a batch file. #Memz destructive download codeThis means that ill-minded ne’er-do-wells can take the readily available code and deliver it to users via spam or bundled freeware installations. A user nicknamed Leurak posted the entirety of this information on his GitHub page a couple of months ago. Similarly to the nefarious case of Hidden Tear and EDA2 ransomware built for educational purposes, the source code for the Memz trojan was made available to the public. Luckily, this feature is not universal and it’s restricted to the most aggressive variant of the pest only. One of the most destructive things that Memz can do to a computer is the overwriting of the first 64 KB of the hard disk, which affects the Master Boot Record and thus requires advanced troubleshooting through bootable recovery media. Some of the nasty effects include random apps popping up, weird web search queries being automatically looked up in the browser, the mouse cursor gradually going nuts, and many more things that the average user will hate to witness on their workstation. There is more to its activity than mere pranks, though. Its name is a leetspeak variant of the term “Memes”, which basically reflects a lot of what it does to a contaminated PC. The Memz trojan was originally designed as a proof-of-concept viewer-made malware. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |