Cobalt Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 152
Category: Trojans

If you have not updated your Microsoft Office since the middle of last November, chances are Cobalt has infected your system and cyber villains have taken control of your computer. This Trojan may stay undetected even if you have security software installed. No wonder why it is called a Trojan, since its main purpose is to stay invisible so that long-term exploitation of your system can be accomplished. This could mean that these attackers can spy on you, steal files or even personally identifiable information from you, including account logins and passwords. What may come as a shock, the vulnerability this Trojan exploits has actually existed for 17 years but no one has ever disclosed it. The good news is that, at last, it has been taken care of by Microsoft back in November, 2017. So, if you have not updated your Office yet, this may be the right time to do so and to take all other software updates seriously not to end up with such a beast on board. We advise you to remove Cobalt immediately if you do not want to risk being watched and robbed by cyber criminals.

It seems that this Trojan infection mostly attacks Russian computer users since the spam e-mail it is spread by is in fact in Russian. This spam is supposed to have come from Visa payWave, which is a popular purchase method now all over the world. So when you receive this mail, you may actually believe that it is legitimate as its subject field seems to regard transaction regulations. This spam has two attachments, which basically contains the same malicious script. One is an RTF document and the other, a .zip file. Both have the same name, "Изменения в системе безопасности.doc Visa payWave," the only difference being the extension. The .zip file is protected by password, which can make it appear to be even more authentic coming from Visa. This method is also more and more often used by cyber crooks to evade detection by anti-malware software.

Please remember that just like in the case of ransomware attacks, once you open the attached file or files, you seal the fate of your computer. Fortunately, in this case you can still save the day once your update your Office and delete Cobalt from your system. But you can never know how long this Trojan may have been hiding on your system and what sort of data it has gathered and shared about you. This is why it is so essential that you try to prevent such horrible attacks from happening. If you do not trust yourself becoming a safer web surfer, we suggest that you install a trustworthy malware removal application.

As we have mentioned, this Trojan exploits a document vulnerability called CVE-2017-11882 that has existed for 17 years. Cyber crooks are always out there trying to find and exploit old as well as new vulnerabilities to gain access to your computer or, at least, to infect it with malicious programs. This is why you should not take software updates lightly. Keep all your programs and drivers up-to-date if you would like to protect your PC against such malicious attacks.

This Trojan does not actually use a physical file as it is loaded straight into memory after a few script downloads in the background. Once you open the attached document in the spam mail, you start up the chain of actions. When finally Cobalt is up and running, your attackers may have full access to your computer. This can lead to serious security and privacy breaches. Your webcam could be used to track your activities, personal information could be stolen, files could be stolen and destroyed, your system parameters could be overwritten, and the list goes on. No wonder why we recommend that you remove Cobalt as a Trojan right away.

It is not too complicated to eliminate this Trojan. You simply need to delete the related files and update your Office to patch the vulnerability. Please use our instructions below if you want to put an end to this dangerous infection yourself. Remember that there could be other infections on board. Therefore, it is important that you make sure that your system is totally clean before you would go back to use it or go online. If you do not think you could handle this on your own, we suggest that you install a reliable anti-malware program like SpyHunter.

How to remove Cobalt from Windows

  1. Tap Win+E to open File Explorer.
  2. Delete "%APPDATA%\[random name].ps1" file.
  3. Delete the files you may have downloaded from the spam.
  4. Empty your Recycle Bin.
  5. Update your Microsoft Office software.
  6. Reboot your system.
Download Remover for Cobalt *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Comments are closed.