Microsoft finds new Trojan malware that deletes itself

Some people might think Microsoft's own PC anti-virus solutions are lacking compared to third-party programs, but that doesn't mean Microsoft researchers can't make some new, and potentially frightening, discoveries in fighting new malware threats.

In a new post on the Microsoft Malware Protection Center blog, Microsoft says it has found a new Trojan malware threat labeled "TrojanDownloader:Win32/Nemim.gen!A". This new threat is apparently able to delete its own files after it is installed on a PC. The blog adds:

"This prevents the files from being isolated and analysed. Thus, during analysis of the downloader, we may not easily find any downloaded component files on the system; even when using file recovery tools, we may see somewhat suspicious deleted file names but we may be unable to recover the correct content of the file."

However, Microsoft's team admitted it "got lucky" and managed to find some of this new Trojan's files. Basically, the files identify the malware as a password stealer that goes after email accounts, Google Desktop, Windows Live Messenger and more. The blog adds, "As such, if you're infected with TrojanDownloader:Win32/Nemim.gen!A, we recommend you change all account passwords after you've cleaned your system, as it's likely you've also encountered PWS:Win32/Nemim.A."

Source: Microsoft

6 Comments

I wish they would include a boot option to start up in "read only" mode, meaning any change to the OS or files would auto reverse on the next boot.

>Windows Live Messenger
at least we don't have to worry about that anymore...

Still, reading the TechNet post, it says the main malware is downloaded by the infection, and then the infection starts the malware and I assume the malware then cleans up the infected files it used to exploit its hold on the system.

I always thought that's how it worked, or am I missing something?