
Dr.Web-protected systems stave off "bad rabbit"

October 25, 2017

Trojan.BadRabbit, a.k.a. BadRabbit, poses no threat to users whose machines are protected by up-to-date Dr.Web versions that have the preventive protection component enabled. Dr.Web detects the malware as DPH:Trojan.Encoder.32 and thus prevents it from encrypting files. It also prevents the malware from modifying the MBR. The Trojan's payload is similar to that of Trojan.Encoder.12544, also known as Petya, Petya.A, ExPetya and WannaCry-2, and uses the same routine. The program has been examined by Doctor Web's researchers.

Some publications on the Web contain threat mitigation recommendations. The suggested security measures include:

  • Create the read-only file C:\Windows\infpub.dat.
  • Create the read-only file C:\Windows\cscc.dat.
  • Use the Software Restriction Policy settings to prevent the files infpub.dat and install_flash_player.exe from being executed.
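The first two steps, applied from an elevated PowerShell session, as an added example that is not Doctor Web's code. The function name and status strings are hypothetical; a file that already exists with content is reported for investigation rather than modified, and the final line is a dry run.

```powershell
# Added example: create/verify the read-only marker files listed above.
# Paths are the ones from the article; Set-ReadOnlyMarker and its
# status values are hypothetical names chosen for this illustration.
function Set-ReadOnlyMarker {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)

    # Small helper to emit one result object per path.
    $report = { param($s) [pscustomobject]@{ Path = $Path; Status = $s } }

    if (Test-Path -LiteralPath $Path -PathType Container) {
        return & $report 'IsDirectory'
    }

    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        # -Force so hidden or system files are still found.
        $item = Get-Item -LiteralPath $Path -Force
        if ($item.Length -gt 0) {
            # A non-empty file with this name was not created by this script.
            # Leave it untouched so it can be examined.
            return & $report 'ExistsWithContent-Investigate'
        }
        if ($item.IsReadOnly) {
            return & $report 'AlreadyReadOnly'
        }
    }
    elseif ($PSCmdlet.ShouldProcess($Path, 'Create empty file')) {
        $item = New-Item -ItemType File -Path $Path -ErrorAction Stop
    }
    else {
        return & $report 'WouldCreate'
    }

    if ($PSCmdlet.ShouldProcess($Path, 'Set read-only attribute')) {
        $item.IsReadOnly = $true
        return & $report 'MarkedReadOnly'
    }
    return & $report 'WouldMarkReadOnly'
}

# Dry run: -WhatIf reports what would change without touching the disk.
# Remove -WhatIf to apply.
'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat' |
    ForEach-Object { Set-ReadOnlyMarker -Path $_ -WhatIf }
```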

Some of these mitigation steps may have a short-term effect, but Doctor Web doesn't recommend using them as a sole means of protection. The smallest of modifications to the malware can render all those steps completely useless. Thus, a reliable anti-virus remains the most robust security tool. The latest Dr.Web version protects systems from this malware.

We will publish a detailed description of the threat once our anti-virus laboratory is finished with its research.
