Endpoint Protection

 View Only

Trojan.Poweliks: A threat inside the system registry 

Oct 31, 2014 08:11 PM

Symantec Security Response has seen an increase in the number of reports related to a threat known as Trojan.Poweliks. Poweliks is unique when compared to traditional malware because it does not exist on a compromised computer as a file. Instead, it is located in a registry subkey that is found within the computer’s registry.

Poweliks 1 edit.png
Figure. Trojan.Poweliks registry subkey

While Trojan.Poweliks is unique in how it resides on a computer, it can arrive on a computer through more common methods, such as malicious spam emails and exploit kits. Once on the compromised computer, Trojan.Poweliks can then receive commands from the remote attacker.

Poweliks has reportedly been delivered through malicious spam emails that claim to be a missed package delivery from the Canadian Post or the US Postal Service (USPS).

In addition to the malicious spam runs, Poweliks can also be delivered through exploit kits. According to researcher Kafeine, the Angler exploit kit has been observed distributing Poweliks since September 2014.

Symantec continues to investigate and will provide more details as they become available.

Symantec protection
Symantec has the following detections for Poweliks and associated vectors:


Intrusion prevention

Update – November 7, 2014:

To manually remove Trojan.Poweliks, please follow these steps:

Update – November 10, 2014:

To automatically remove Trojan.Poweliks, please follow these steps:

0 Favorited
0 Files

Tags and Keywords

Related Entries and Links

No Related Resource entered.