Microsoft identifies trojan Nemim which deletes its own component files to remain sneaky


In an official Malware Protection Center blog post, Microsoft describes the recently identified TrojanDownloader:Win32/Nemim.gen!A. This trojan is sneaky because it can delete its own downloaded component files, which ultimately prevents the files from being isolated and analysed.

“This particular malware is a trojan downloader, and is capable of deleting its downloaded component files in a way that makes them essentially unrecoverable. This prevents the files from being isolated and analysed. Thus, during analysis of the downloader, we may not easily find any downloaded component files on the system; even when using file recovery tools, we may see somewhat suspicious deleted file names but we may be unable to recover the correct content of the file,” Microsoft stated in an official blog post.

Microsoft was able to identify the two component files that eventually get deleted after being executed. One infects executable files on removable drives, and the other steals email passwords, Live Messenger passwords, and Google Desktop and Google Talk passwords.

Microsoft recommends keeping your security software updated and changing your passwords if you think you have been infected. Then again, it is always wise to change your passwords every once in a while.
