In this article, I will inform you about the indicators of Reven spyware appearance, as well as the best way to remove Reven spyware virus from your personal computer.
Describing Reven spyware
Reven TrojanSpy as the virus is not a separate program, but a component of far more expansive and tricky malware – trojan-stealer. It’s a kind of trojan, which is targeted on your private information, and gathers really everything regarding you and your personal computer. Normally, stealers have keylogger functions1, which let them to record your keystrokes. Besides that, Reven virus can gather your cookie files, your mobile number, location; it also can thieve all your passwords from the keychain inside of the browser.
| Name | Reven |
| Infection Type | Spyware |
| Symptoms |
|
| Similar behavior | CenterPOS, SeCvarPkg, IcedId |
| Fix Tool |
See If Your System Has Been Affected by Reven spyware |
Nevertheless, the large share of Reven spy are hunting for your banking data: credit card number, security codes as well as expiration date. For instance, if you use online banking, the Reven stealer has the ability to endanger your login and password, so the criminals will get access to your account. Many different corporate data can likewise be a thing of attention of Reven virus distributors, and in the situation of huge companies such data pass may lead to disastrous impacts.
The primary dispersal methods of Reven spyware are very similar to various other trojans. Nowadays, most of such applications are dispersed through e-mail additions. These additions (. docx,. pdf files) have corrupted macroses, which are used by Reven spy to infect your computer. In some cases, such mails include links to the phishing copies of legit websites, like Facebook, Twitter, LinkedIn or so.
Most popular spyware in 20202
It is very important to point out that there is a solitary kind of spyware – for Android operating system. Such applications have comparable functionalities as the computer version does, however, mobile virus is spread as a legitimate program for monitoring the spouse’s or children’s location. Nevertheless, besides taking different private data, it can additionally reveal you a totally wrong area of the phone you are attempting to track. Such situations might trigger beefs out of the blue.
How can I understand that my computer is infected with Reven spyware?
Reven spy is a really stealth malware, because its productiveness relies on for how long it will run before being detected. So, Reven spyware developers made everything to make their malicious program presence as invisible as feasible. Certainly, you will discover that your accounts in social networks are swiped, as well as finances from your bank account is flowing away, but it is far too late.
Reven also known as
| Lionic | Trojan.Win32.Generic.j!c |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Gen:Variant.MSILPerseus.67506 |
| FireEye | Generic.mg.3e11f32c22d8ba53 |
| McAfee | Trojan-FOOU!3E11F32C22D8 |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Generic!BT |
| Sangfor | Spyware.MSIL.Reven.A!bit |
| K7AntiVirus | Trojan ( 700000121 ) |
| BitDefender | Gen:Variant.MSILPerseus.67506 |
| K7GW | Trojan ( 700000121 ) |
| Cybereason | malicious.c22d8b |
| Arcabit | Trojan.MSILPerseus.D107B2 |
| BitDefenderTheta | Gen:NN.ZemsilF.34182.hp0@aCQ@QSd |
| VirIT | Trojan.Win32.CryptoBlock.B |
| Cyren | W32/MSIL_Perseus.AH.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | MSIL/Spy.Agent.AXI |
| APEX | Malicious |
| Kaspersky | HEUR:Trojan-Ransom.Win32.Generic |
| Alibaba | TrojanSpy:MSIL/Reven.480ff939 |
| NANO-Antivirus | Trojan.Win32.Blocker.etmtcp |
| Ad-Aware | Gen:Variant.MSILPerseus.67506 |
| Sophos | Mal/Generic-R + Mal/MSIL-AW |
| DrWeb | Trojan.MulDrop16.13712 |
| Zillya | Trojan.Generic.Win32.654979 |
| TrendMicro | TROJ_GEN.R002C0DB222 |
| McAfee-GW-Edition | Trojan-FOOU!3E11F32C22D8 |
| Emsisoft | Malware.Generic.CN1 (A) |
| SentinelOne | Static AI – Malicious PE |
| Jiangmin | Trojan.Generic.dprtw |
| Avira | TR/Blocker.msdko |
| MAX | malware (ai score=80) |
| Antiy-AVL | Trojan/Generic.ASMalwS.1D941D0 |
| Microsoft | TrojanSpy:MSIL/Reven.A!bit |
| GData | Gen:Variant.MSILPerseus.67506 |
| Cynet | Malicious (score: 99) |
| AhnLab-V3 | Trojan/Win32.Blocker.R203232 |
| VBA32 | TScope.Trojan.MSIL |
| ALYac | Gen:Variant.MSILPerseus.67506 |
| TACHYON | Ransom/W32.DN-Blocker.3262976 |
| Malwarebytes | Ransom.FileCryptor |
| Panda | Trj/CI.A |
| TrendMicro-HouseCall | TROJ_GEN.R002C0DB222 |
| Tencent | Malware.Win32.Gencirc.10babf86 |
| Yandex | TrojanSpy.Agent!5iQh01P3rXQ |
| Ikarus | Win32.Outbreak |
| MaxSecure | Trojan.Malware.10307848.susgen |
| Fortinet | MSIL/Generic.AP.B20AC!tr |
| AVG | Win32:TrojanX-gen [Trj] |
| Avast | Win32:TrojanX-gen [Trj] |
| CrowdStrike | win/malicious_confidence_100% (D) |
Domains that associated with Reven:
What are the symptoms of Reven trojan?
- SetUnhandledExceptionFilter detected (possible anti-debug);
- Creates RWX memory;
- Guard pages use detected – possible anti-debugging.;
- Dynamic (imported) function loading detected;
- At least one IP Address, Domain, or File Name was found in a crypto call;
- Reads data out of its own binary image;
- CAPE extracted potentially suspicious content;
- Authenticode signature is invalid;
- Collects and encrypts information about the computer likely to send to C2 server;
- Installs itself for autorun at Windows startup;
- Attempts to modify Explorer settings to prevent file extensions from being displayed;
- Attempts to modify Explorer settings to prevent hidden files from being displayed;
To prevent injection of Reven spyware, stay clear of releasing any kind of additions to the e-mails from uncertain addresses. These days, throughout quarantine, email-distributed malware becomes even more active. Users (specifically ones that began buying all the things on online-marketplaces) do not focus to the strange email addresses, and open everything that reaches their email. And Reven stealer is right in these emails.
How to remove Reven spyware?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
You can try to do it manually, however, like any other trojan, Reven TrojanSpy applies the modifications pretty deep within the system. Hence, it’s very tough to find all these changes, and even more difficult to clean them out. To take care of this hazardous malware completely, I can advise you to use GridinSoft Anti-Malware.
Scanning
To detect and delete all malicious programs on your personal computer with GridinSoft Anti-Malware, it’s better to use Standard or Full scan. Quick Scan is not able to find all malicious programs, because it scans only the most popular registry entries and directories.
You can spectate the detected malicious items sorted by their possible harm during the scan process. But to choose any actions against malicious items, you need to hold on until the scan is finished, or to stop the scan.
To choose the action for each detected malicious or unwanted program, click the arrow in front of the name of detected malware. By default, all malware will be moved to quarantine.
How to remove Reven Spyware?
Name: Reven
Description: Reven TrojanSpy is classified as a type of malware — malicious software designed to gain access to or damage your computer, often without your knowledge. The Reven gathers your personal information and relays it to advertisers, data firms, or external users. The Reven can install additional software and change the security settings on your PC.
Operating System: Windows
Application Category: Spyware
User Review
( votes)- What is Spyware: https://en.wikipedia.org/wiki/Spyware
- ESET quaterly report: ESET_Threat_Report_Q22020.pdf