

DoubleAgent


DoubleAgent is a very dangerous ransomware on Microsoft Windows. It can fully control the user's computer, encrypt their data, take control of the antivirus, and delete some Windows startup files.

Payload

Once DoubleAgent infects a computer, it alters the user's antivirus so that it harms the computer instead of protecting it.

When DoubleAgent takes over the antivirus, it uses a vulnerability or backdoor in the antivirus to control it. However, since this ransomware was discovered, that vulnerability has already been fixed.

In Norton it also changes the antivirus's user interface.

The background is replaced with a DoubleAgent card, malware is installed on the system, and the antivirus itself is used to encrypt all data on the user's computer.

The ransomware installs backdoors and clears the antivirus's whitelists/blacklists. Because the antivirus is trusted, any malicious operation it performs is considered legitimate, which lets the ransomware pass through security measures that do not apply to the antivirus. Even so, the antivirus appears to keep working normally, although it no longer detects any harmful programs on the user's computer.

Once the user's antivirus (or antiviruses) has been taken over, the ransomware uses it to encrypt the user's files with ease, and even to format the user's hard drive.

This ransomware can control and change these antiviruses:

This virus was tested by: 

Cybellum Technologies LTD

Removal

1- Boot the PC into Safe Mode with Networking.

2- Download HitmanPro AntiMalware.

3- Scan the PC; the scanner will detect the virus.

4- Press Delete to remove the malware.

Or:

1- Boot the PC into Safe Mode with Networking.

2- Download Zemana AntiMalware.

3- Scan the PC; the scanner will detect the virus.

4- Press Delete to remove the malware.
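Both removal procedures above start with the same step, booting into Safe Mode with Networking, and neither says how to confirm you are actually in it or how to get back to a normal boot afterwards. The following PowerShell script is an added example and is not part of the wiki page or of any anti-malware product; it assumes an elevated prompt on a standard Windows 10/11 installation whose running boot entry is `{current}`, and the function names (`Get-BootState`, `Test-SafeModeWithNetworking`, `Enable-SafeModeWithNetworking`, `Disable-SafeMode`) are hypothetical helpers written for this illustration. It reads the boot state from WMI, and uses `bcdedit` to set or clear the persistent safe-boot flag.

```powershell
# Added example (not from the wiki page): check whether Windows is currently in
# Safe Mode with Networking, and show how to enter / leave it with bcdedit.
# Assumptions: elevated PowerShell, running OS boot entry is {current}.

function Get-BootState {
    # Win32_ComputerSystem.BootupState is one of:
    #   "Normal boot", "Fail-safe boot", "Fail-safe with network boot"
    (Get-CimInstance -ClassName Win32_ComputerSystem).BootupState
}

function Test-SafeModeWithNetworking {
    # Cross-check WMI with the SAFEBOOT_OPTION environment variable, which
    # Windows sets to "Network" when booted into Safe Mode with Networking.
    ((Get-BootState) -eq 'Fail-safe with network boot') -and
    ($env:SAFEBOOT_OPTION -eq 'Network')
}

function Enable-SafeModeWithNetworking {
    # Persist the safe-boot flag on the running boot entry; takes effect on reboot.
    # Braces are quoted so PowerShell does not parse {current} as a script block.
    bcdedit /set '{current}' safeboot network | Out-Null
}

function Disable-SafeMode {
    # Clear the flag again; otherwise the machine keeps booting into Safe Mode
    # after the scan is finished (step 4 in the removal procedure).
    bcdedit /deletevalue '{current}' safeboot | Out-Null
}

if (Test-SafeModeWithNetworking) {
    Write-Host 'In Safe Mode with Networking: download the scanner and run steps 2-4 now.'
    Write-Host 'When the scan is done, run Disable-SafeMode and reboot to return to a normal boot.'
} else {
    Write-Host "Current boot state: $(Get-BootState)"
    Write-Host 'Run Enable-SafeModeWithNetworking, then Restart-Computer, and run this script again.'
}
```

The persistent `safeboot` flag is convenient because it survives the reboot without pressing a key at startup, but it is also the reason the last step matters: until `bcdedit /deletevalue '{current}' safeboot` has been run, every subsequent boot lands in Safe Mode, where third-party services, including the antivirus, are not loaded.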

DoubleAgent Zero-Day Attacking Norton Antivirus
