Trojan:Win32/Occamy.C

Trojan:Win32/Occamy.C is a threat identified by Microsoft Security Software. It is typical malware that targets the core system of Windows in order to complete its tasks. Trojan:Win32/Occamy.C was made to execute a series of commands once it gets inside the system. It gathers data such as system settings, Windows version, network configuration, and so on. The collected data is sent to a remote attacker for analysis.

Threat behavior

Installation

In general, a system becomes infected with Trojan:Win32/Occamy.C when malicious code is executed on the computer. The source of this trojan varies because the ways it is deployed keep changing. Typically, spam email messages disguised as an open letter from a reputable institution are used to deceive recipients. The body of the message contains enticing phrases that try to convince the user to open the attached file.

Malicious links on social media sites and in instant messaging programs are also seen as a method of distributing Trojan:Win32/Occamy.C. Illegally distributed software and media materials may also contain code that can lead to infection by this malware.

Payload

In order to run on Windows start-up, Trojan:Win32/Occamy.C makes a copy of itself among the system files. A registry entry is then created to call the file on each Windows boot-up. Apart from that, this malware also drops non-malicious files in various folders of the compromised PC.

Trojan:Win32/Occamy.C occasionally connects to a remote host to execute tasks like the following:

  • Notify the attacker of the new infection
  • Send gathered data from the infected computer
  • Download and execute additional files, including an updated version of the trojan
  • Accept commands from a remote attacker

Symptoms

This malware shows few obvious symptoms. Trojan:Win32/Occamy.C operates silently in the background. However, Microsoft Security Software may alert you to the presence of this trojan.

Trojan:Win32/Occamy.C is malware that can drop malicious files onto the computer, which tend to lock files and demand payment from users in order to regain access. Some security programs classify this threat as ransomware with a high potential for damage.

This Trojan will drop the following files:

C:\Users\Username\AppData\Local\Microsoft\Windows\INet Cache\IE\MIPY49MB\MicrosoftSecurity[1].exe
C:\ProgramData\update.exe
C:\Users\Username\AppData\LocalLow\Microsoft\Cryptnet Url Cache\Content\5CEA8CFB8047B569B331D0E79D28457D
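
The dropped files listed above and the start-up registry entry described under Payload can be checked for with a read-only sweep. The script below is an added example, not part of the original write-up or of any vendor tool; checking the standard Run keys is an assumption, since the page does not name the registry entry the trojan creates.

```powershell
# Added example: read-only sweep for the artefacts this page lists (deletes nothing).
# Wildcards stand in for the profile name and for the IE cache subfolder, which
# Windows names randomly (MIPY49MB in the path listed above).
$usersRoot = Join-Path $env:SystemDrive 'Users'
$filePatterns = @(
    "$usersRoot\*\AppData\Local\Microsoft\Windows\INet*Cache\IE\*\MicrosoftSecurity*.exe",
    "$env:ProgramData\update.exe",
    "$usersRoot\*\AppData\LocalLow\Microsoft\Cryptnet*Url*Cache\Content\5CEA8CFB8047B569B331D0E79D28457D"
)

$fileHits = foreach ($pattern in $filePatterns) {
    # -Force includes hidden and system items such as the IE cache folders.
    Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path    = $_.FullName
            Created = $_.CreationTimeUtc
            SHA256  = $hash.Hash   # empty if the file is locked or unreadable
        }
    }
}

# Assumption: the page does not name the registry entry, so only the standard
# Run keys are checked. HKCU covers the current user only.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Match autorun commands that reference either executable named on this page.
$suspect = @([regex]::Escape("$env:ProgramData\update.exe"), 'MicrosoftSecurity[^\\]*\.exe') -join '|'

$runHits = foreach ($key in $runKeys) {
    $regKey = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $regKey) { continue }
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ($command -match $suspect) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $command }
        }
    }
}

$fileHits | Format-List
$runHits  | Format-List
if (-not $fileHits -and -not $runHits) { 'No artefacts from this page were found.' }
```

Run it from an elevated PowerShell prompt so that other users' profiles are readable. A hit on the Cryptnet Url Cache entry alone is weak evidence, because Windows itself writes files to that cache when it retrieves certificate data.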

Aliases: Trojan-Ransom.Win32.Blocker.kqwj, Ransom.HiddenTear, Win32.Occamy

 

How can you remove Trojan:Win32/Occamy.C?

To completely remove Trojan:Win32/Occamy.C from the computer and get rid of related viruses and trojans, follow the procedures on this page. Make sure that you have completely scanned the system with the suggested malware removal tools and virus scanners.

Windows XP, Windows Vista, and Windows 7 Instructions:

1. Open Microsoft Security Essentials by going to Windows Start > All Programs. If the tool is not yet installed on the computer, please download Microsoft Security Essentials from the link below. Save the file on your hard drive.

A complete installation and usage guide is also provided at the same link. It is essential for removing Trojan:Win32/Occamy.C effectively. If Microsoft Security Essentials is already installed on the PC, please proceed with the steps below.

2. On the Microsoft Security Essentials Home screen, choose Full under Scan Options.

3. Click the Scan Now button to start detecting Trojan:Win32/Occamy.C items, viruses, and malware on the PC. The scan may take a while; please be patient and wait for the process to end.

Windows 8 / 10 Instructions:

Windows Defender is a free tool that was built to help you remove Trojan:Win32/Occamy.C, viruses, and other malicious items from a Windows 8 system. Follow these procedures to scan your computer with Windows Defender:

1. Tap or click the Search charm, search for defender, and then open Windows Defender.

If Windows Defender is not yet installed on the computer, please proceed to the download page using the link below. It also contains detailed instructions to install and use the program effectively. Proper usage is required to totally remove Trojan:Win32/Occamy.C.

2. On the Home tab, click Full under Scan Options. Click Scan now to start scanning for the presence of Trojan:Win32/Occamy.C. The process may take a while to complete.

3. After the scan, delete or quarantine the identified threats, whether they are related to Trojan:Win32/Occamy.C or not. You may now restart Windows to complete the virus removal process.

Double Check with Malwarebytes Anti-Malware

1. Download Malwarebytes Anti-Malware from the link below. Save the file on your hard drive.

2. Once the download completes, double-click on the file MB3-SETUP.EXE to run the program.

3. Select the desired installation language when prompted. Then, click OK.

4. Continue with the process until Malwarebytes Anti-Malware is fully installed on the computer. The program will run automatically.

5. When the Malwarebytes Anti-Malware interface appears, select Scan on the sidebar menu. Then, choose Threat Scan. Click the Start Scan button to begin the process. The program will check for any available update before proceeding. Do not skip this step. The virus scan may take a while; please wait for the process to finish.

6. When scanning is done, Malwarebytes Anti-Malware will display the list of identified threats. Remove all of them and restart the computer to finalize the scan process.

One thought on “Trojan:Win32/Occamy.C”

  1. Andreas Altheimer

    I found this trojan in a bios update from ACER!!! Acer Aspire E1-570G BIOS_Acer_2.06_Windows
