Mendoza (also known by the non-specific name of Trojan.Dropper) is malware that creates a large security hole on your computer. It uses a key-logger to steal your personal and financial data and downloads adware that generates large numbers of popup adverts. The trojan itself also has some adware-like behaviors (specifically changing your home page and default search engine).

Method of InfectionEdit

Some websites trick you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, Mendoza will install on your computer through a backdoor and will infect your system without your knowledge or consent.


Mendoza changes your computer's desktop background, hijacks your browser, spies on you, and replaces system files (all without your knowledge or permission). It can also re-install itself even after it is removed by anti-virus software.



  • Mendoza.exe
  • Mendoza1.exe
  • numbsoftnew.exe
  • OEM.exe
  • visfx500new.exe
  • wd7gi8nnew.exe
  • senh.exe
  • sysrtmvs.exe
  • search[2].exe
  • cftmon.exe

Other filesEdit

  • aouei

Registry keysEdit

  • Windows\CurrentVersion\Emitt
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"CleanShutdown" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.