Site icon Panda Security Mediacenter

The Cimuz uninstaller

Checking a server that installs a variant of Trj/Cimuz, I came across a link that pointed to remover.exe file:
 

After analyzing the code of the file, I noticed that it uninstalled the same variant of Trj/Cimuz that had been previously installed from that very same server.

I suppose this is the way the author uses to make tests in order to check if the Trojan works properly and then, get easily disinfected using the uninstaller.

Exit mobile version