How to Remove Downblocker Trojan

Downblocker is a Trojan horse that downloads potentially malicious files onto the compromised compute and was discovered on August 28, 2017. It can affect Windows 7, 8 and 10 systems and the risk level is Very Low

Once executed, the Trojan creates the following file:

  • %AppData%\IntelSofts_[RANDOM CHARACTERS].exe

The Trojan creates the following registry entry so that it runs every time Windows starts:

  • HKEY_CURRENT_USER\SoftWare\MicroSoft\Windows\CurrentVersion\Run\”IntelSofts” =
  • “%AppData%\IntelSofts_[RANDOM CHARACTERS].exe”

Next, the Trojan connects to one or more of the following remote locations:

  • [http://]164.132.228.29/o/get[REMOVED]
  • [http://]137.74.224.142/z/get[REMOVED]
  • [http://]92.222.68.32/traffic/get[REMOVED]
  • [http://]158.69.218.119/scrip[REMOVED]

The Trojan then downloads and executes the following potentially malicious file:

  • %AppData%\MicrosoftUpdte.exe

Leave a Reply