A ransomware has been discovered that disables your antivirus


Although we install antivirus on our computers, new software is able to disable these antiviruses. The software discovered by Sophos installs a second driver on users’ computers and leaves the system completely vulnerable.

People think that when they install antivirus on their computers, they are generally safe. However, a recent study reveals that even if you have antivirus on your system, you will never be as safe as you think. According to the research, hackers are now using antivirus to disable antivirus.

Research by a security company named Sophos revealed that a new “ransomware” software can occupy Windows systems. The software manages to infiltrate the Windows system by attacking the drivers of Gigabyte. Then, by installing a second driver on the system, it disables the antivirus that is running.

A vulnerability was discovered in 2018:
Ransomware takes advantage of a vulnerability discovered by Gigabyte in 2018. Gigabyte had previously accepted that such a vulnerability exists in systems. Thanks to this vulnerability, hackers can easily access the system and disable antivirus on this computer, easily performing their actions.

The second driver installed by hackers is blocking the processes and files of the antivirus in the system. Thus, the virus, which does not encounter any resistance, rests comfortably on the victim’s computer. Sophos also mentioned in the description that such a virus was first discovered.

Ransomware uses a third-party driver with Microsoft’s signature on it. This driver can replace kernel files to install its own malicious driver. The normal driver that changes kernel files is thus completely disabled.

Ransomware is a software used by malicious hackers who want to demand ransom from their victims. According to reports, the victims of hackers have to pay a fee to access the files on their computers. If the victim does not pay a fee, an additional $ 10,000 is added to the fee they have to pay.

Steel.exe is the name of the executable file in Gigabyte’s gdrv.sys driver used by hackers. This extracts a file named ROBNR.EXE and transfers it to the temporary files section of Windows. ROBNR.EXE installs two different drivers, one of which is Gigabyte.


Please enter your comment!
Please enter your name here