What is the Rietspoof Malware?
Rietspoof is a new malware strain with some very striking features and capabilities. It was first spotted by cybersecurity researchers in 2018.
The main objective of the Rietspoof malware is to allow cybercriminals to gain administrator rights on an infected computer, and to load other malware, depending on the instructions it receives from a command and control center.
What Can the Rietspoof Do?
Depending on the nature of its target, the Rietspoof malware uses several stages to deliver more versatile malware. The first stage is the infection stage, which is facilitated by instant messaging apps, such as Skype and Live Messenger. Using these instant messaging apps, it delivers a Visual Basic Script that contains a hard-coded, encrypted CAB file that initiates the second stage of the infection. In the third stage, the CAB file is expanded into an executable that uses a digitally valid signature. The final stage of the infection installs a downloader.
According to initial reports from cybersecurity researchers, it appears that the command and control center of the malware communicates primarily with IP addresses set to the US. However, this observation should be interpreted cautiously as it doesn’t necessarily confirm a targeted attack on US citizens or corporate entities.
Rietspoof Malware Removal Guide
While novel in many ways, it is actually easy to remove the Rietspoof malware now that cybersecurity researchers have uncovered how the malware operates. A powerful anti-malware solution can be effective in dealing with this malware. Examples of such software include but are not limited to Outbyte Anti-Malware. You will also need to run the anti-malware software in Safe Mode for maximum effectiveness.
To boot your Windows 7 or 10 device into Safe Mode with Networking, take the following steps:
- Open the Run utility tool by pressing the Windows + R keys on your keyboard.
- Type ‘msconfig’ and hit OK.
- On the System Configuration dialog box, go to the Boot tab and choose Safe boot.
- Under Safe boot, select Network.
- Click OK.
- Click Restart.
Using network resources that will be available to you in Safe Mode with Networking, download the anti-malware solution of your choice. Use it to get rid of the Rietspoof malware.
You might want to follow up the work of the anti-malware with that of a PC repair tool. While the anti-malware will remove the Rietspoof virus, it is the PC repair tool that will delete junk files in the %TEMP% and Downloads folders that normally play host to malware entities. PC repair tools may also assist in repairing broken or corrupt registry entries, potentially improving your PC’s performance in the process.
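Before anything in those folders is deleted, it helps to see what is there. The following PowerShell is an added example, not part of the original guide or of any vendor tool: it lists the file types named in the infection stages above (.vbs, .cab, .exe) in the temp and Downloads folders, with signature status and hash. The function name and the default Downloads location are assumptions.

```powershell
# Added triage example (not from the original article).
# Lists script, cabinet and executable files in the current user's temp and
# Downloads folders so they can be reviewed before cleanup removes them.
# Assumption: Downloads sits at its default location under the user profile.
function Get-DropFolderTriage {
    param(
        [string[]]$Path      = @($env:TEMP, (Join-Path $env:USERPROFILE 'Downloads')),
        [string[]]$Extension = @('.vbs', '.cab', '.exe'),
        [int]$Days           = 30          # only files modified in this window
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                ($Extension -contains $_.Extension.ToLower()) -and
                ($_.LastWriteTime -ge $cutoff)
            } |
            ForEach-Object {
                # Unsigned files come back with Status 'NotSigned'.
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                # Hashing can fail on locked files; the field is then left empty.
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $_.FullName
                    Modified  = $_.LastWriteTime
                    SizeKB    = [math]::Round($_.Length / 1KB, 1)
                    SigStatus = $sig.Status
                    Signer    = $sig.SignerCertificate.Subject
                    SHA256    = $hash.Hash
                }
            }
    }
}

# A 'Valid' status only says who signed the file and that it is unmodified.
# The third-stage executable described above carries a valid signature, so
# review the Signer column instead of skipping signed files.
Get-DropFolderTriage | Sort-Object Modified -Descending | Format-List
```

The SHA256 values can be kept as a record of what was present, or checked against a reputation service, before the files are removed.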
Windows Recovery Options
After using the anti-malware and PC repair combo, the next step in the Rietspoof malware removal guide is to make good use of at least one Windows recovery tool.
With a Windows recovery tool, you can remove any apps, settings, and updates that are problematic, including malware entities. As part of this guide, we will show you how to use at least two Windows Recovery tools.
System Restore
Among the Windows recovery tools, System Restore is the easiest to use. It is also the most suitable, considering that it does not cause significant changes to a computer’s settings, apps, and files, especially when a recent restore point is used.
Here is how to get to System Restore on a Windows 10/11 device:
- In the Windows search box, type ‘create a restore point’ and hit Enter. Selecting the first result from this search should get you to the System Properties app.
- Go to the System Protection tab and click System Restore.
- Choose a restore point.
- When prompted, scan for affected programs. Among the affected programs, check if there are any suspicious programs and note them down.
- To complete the System Restore process, follow the on-screen instructions.
It is not always the case that you will have a restore point on your computer, as you need to have created one in the first place. If you don’t have one, you will have to rely on a more drastic Windows recovery tool such as the Refresh this PC option.
Refresh this PC
The Refresh this PC option lets you either remove everything or keep your files and folders. The choice that you make is up to you. Here are the steps that you need to take on a Windows 10/11 device:
- Navigate to Settings by pressing the Windows + I keys.
- On the Settings window, look for Update & Recovery.
- Under Update & Recovery, click Recovery.
- You will be presented with two options: Refresh your PC without affecting your files, or Remove everything and reinstall Windows. The latter resets your PC, while the former refreshes it. Choose wisely.
- Click Get Started.
Just to reiterate, using a Windows recovery tool ensures that the malware entity and all its dependencies are completely removed from your computer. Now, all you have to do is to make sure that it never finds its way to your device again.
How to Avoid Infection by the Rietspoof Malware
As noted earlier, the Rietspoof malware is spread via the Skype and Live Messenger apps, so if you avoid opening messages from unknown contacts on these messaging platforms, you will more than halve the risk of infection. Also, install a premium anti-malware solution, as it will notify you of any active infections.
Lastly, clean your computer of any junk files, cookies, browsing history, and unnecessary files as often as you can so that even if a malware entity steals your data, it won’t find anything valuable.