{"id":818,"date":"2017-08-27T05:10:59","date_gmt":"2017-08-27T13:10:59","guid":{"rendered":"http:\/\/www.nortonsecurityonline.com\/faq\/?post_type=ht_kb&#038;p=818"},"modified":"2025-05-22T14:14:22","modified_gmt":"2025-05-22T22:14:22","slug":"trojan-kotver-information-and-removal","status":"publish","type":"ht_kb","link":"https:\/\/www.antivirusaz.com\/faq\/art\/trojan-kotver-information-and-removal\/","title":{"rendered":"Trojan.Kotver &#8211; Information and Removal"},"content":{"rendered":"<p><a href=\"\/security-center\/virus-information\/kovter-trojan.html\">Trojan.Kotver<\/a> is a Trojan horse that performs click-fraud operations on the compromised computer.<\/p>\n<p>Once executed, the Trojan checks if Windows PowerShell is installed on the compromised computer. If Windows PowerShell is installed, the Trojan creates multiple registry entries.<\/p>\n<p>If the compromised computer does not have Windows PowerShell installed, the Trojan will create a copy of itself in the following location:<\/p>\n<p>%UserProfile%\\Application Data\\[RANDOM FOLDER NAME]\\[RANDOM FILE NAME].exe<\/p>\n<p>The Trojan will then create multiple registry entries.<\/p>\n<p>The Trojan injects itself into the following Windows process:<\/p>\n<ul>\n<li>regsvr32.exe<\/li>\n<\/ul>\n<p>Next, the Trojan connects to the following remote location:<\/p>\n<ul>\n<li>[http:\/\/]155.94.67.5\/uploa[REMOVED]<\/li>\n<\/ul>\n<p>The Trojan may download additional software onto the compromised computer, such as the following:<\/p>\n<ul>\n<li>Microsoft .NET Runtime<\/li>\n<li>Microsoft Internet Explorer<\/li>\n<li>Adobe Flash Player<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>The Trojan then performs click-fraud operations, which involve covertly downloading large numbers of online advertisements onto the compromised computer and then automatically clicking or interacting with them with a view to earning fraudulent advertising revenue for the attacker.<\/p>\n<p>&nbsp;<\/p>\n<p>To remove this malware, check the 
instructions on the <a href=\"https:\/\/support.norton.com\/sp\/en\/us\/home\/current\/solutions\/v119650544\" target=\"_blank\" rel=\"noopener noreferrer\">Remove Kotver malware variants from your computer<\/a> page.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trojan.Kotver is a Trojan horse that performs click-fraud operations on the compromised computer. Once executed, the Trojan checks if Windows PowerShell is installed on the compromised computer. If Windows PowerShell is installed, the Trojan creates multiple registry entries. If the compromised computer does not have Windows PowerShell installed, the Trojan will create a copy of [&hellip;]<\/p>\n","protected":false},"author":4,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"footnotes":""},"ht-kb-category":[509],"ht-kb-tag":[538,537],"class_list":["post-818","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-malware","ht_kb_tag-kotver","ht_kb_tag-kovter"],"blocksy_meta":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Trojan.Kotver - Information and Removal<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.antivirusaz.com\/faq\/art\/trojan-kotver-information-and-removal\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Trojan.Kotver - Information and Removal\" \/>\n<meta property=\"og:description\" content=\"Trojan.Kotver is a Trojan horse that performs click-fraud operations on the compromised computer. Once executed, the Trojan checks if Windows PowerShell is installed on the compromised computer. If Windows PowerShell is installed, the Trojan creates multiple registry entries. 
If the compromised computer does not have Windows PowerShell installed, the Trojan will create a copy of [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.antivirusaz.com\/faq\/art\/trojan-kotver-information-and-removal\/\" \/>\n<meta property=\"og:site_name\" content=\"Antivirus and Security Software FAQs &amp; Blog\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-22T22:14:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.antivirusaz.com\/faq\/wp-content\/uploads\/2023\/02\/antivirusaz-faq-blog-logo.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1536\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/art\\\/trojan-kotver-information-and-removal\\\/\",\"url\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/art\\\/trojan-kotver-information-and-removal\\\/\",\"name\":\"Trojan.Kotver - Information and 
Removal\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#website\"},\"datePublished\":\"2017-08-27T13:10:59+00:00\",\"dateModified\":\"2025-05-22T22:14:22+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/art\\\/trojan-kotver-information-and-removal\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/art\\\/trojan-kotver-information-and-removal\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/art\\\/trojan-kotver-information-and-removal\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trojan.Kotver &#8211; Information and Removal\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#website\",\"url\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/\",\"name\":\"Antivirus and Security Software FAQs & Blog\",\"description\":\"Frequently asked questions about antivirus and security software, and other computer security related issues.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#organization\"},\"alternateName\":\"AntivirusAZ.com FAQs & 
Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#organization\",\"name\":\"AntiVirusAZ.com\",\"url\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/antivirusaz-faq-blog-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/antivirusaz-faq-blog-logo.png\",\"width\":1536,\"height\":512,\"caption\":\"AntiVirusAZ.com\"},\"image\":{\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Trojan.Kotver - Information and Removal","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.antivirusaz.com\/faq\/art\/trojan-kotver-information-and-removal\/","og_locale":"en_US","og_type":"article","og_title":"Trojan.Kotver - Information and Removal","og_description":"Trojan.Kotver is a Trojan horse that performs click-fraud operations on the compromised computer. Once executed, the Trojan checks if Windows PowerShell is installed on the compromised computer. If Windows PowerShell is installed, the Trojan creates multiple registry entries. 
If the compromised computer does not have Windows PowerShell installed, the Trojan will create a copy of [&hellip;]","og_url":"https:\/\/www.antivirusaz.com\/faq\/art\/trojan-kotver-information-and-removal\/","og_site_name":"Antivirus and Security Software FAQs &amp; Blog","article_modified_time":"2025-05-22T22:14:22+00:00","og_image":[{"width":1536,"height":512,"url":"https:\/\/www.antivirusaz.com\/faq\/wp-content\/uploads\/2023\/02\/antivirusaz-faq-blog-logo.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.antivirusaz.com\/faq\/art\/trojan-kotver-information-and-removal\/","url":"https:\/\/www.antivirusaz.com\/faq\/art\/trojan-kotver-information-and-removal\/","name":"Trojan.Kotver - Information and Removal","isPartOf":{"@id":"https:\/\/www.antivirusaz.com\/faq\/#website"},"datePublished":"2017-08-27T13:10:59+00:00","dateModified":"2025-05-22T22:14:22+00:00","breadcrumb":{"@id":"https:\/\/www.antivirusaz.com\/faq\/art\/trojan-kotver-information-and-removal\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.antivirusaz.com\/faq\/art\/trojan-kotver-information-and-removal\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.antivirusaz.com\/faq\/art\/trojan-kotver-information-and-removal\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.antivirusaz.com\/faq\/"},{"@type":"ListItem","position":2,"name":"Trojan.Kotver &#8211; Information and Removal"}]},{"@type":"WebSite","@id":"https:\/\/www.antivirusaz.com\/faq\/#website","url":"https:\/\/www.antivirusaz.com\/faq\/","name":"Antivirus and Security Software FAQs & Blog","description":"Frequently asked questions about antivirus and security software, and other computer security related 
issues.","publisher":{"@id":"https:\/\/www.antivirusaz.com\/faq\/#organization"},"alternateName":"AntivirusAZ.com FAQs & Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.antivirusaz.com\/faq\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.antivirusaz.com\/faq\/#organization","name":"AntiVirusAZ.com","url":"https:\/\/www.antivirusaz.com\/faq\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.antivirusaz.com\/faq\/#\/schema\/logo\/image\/","url":"https:\/\/www.antivirusaz.com\/faq\/wp-content\/uploads\/2023\/02\/antivirusaz-faq-blog-logo.png","contentUrl":"https:\/\/www.antivirusaz.com\/faq\/wp-content\/uploads\/2023\/02\/antivirusaz-faq-blog-logo.png","width":1536,"height":512,"caption":"AntiVirusAZ.com"},"image":{"@id":"https:\/\/www.antivirusaz.com\/faq\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/ht-kb\/818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/comments?post=818"}],"version-history":[{"count":1,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/ht-kb\/818\/revisions"}],"predecessor-version":[{"id":4320,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/ht-kb\/818\/revisions\/4320"}],"wp:attachment":[{"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/media?parent=818"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/
wp\/v2\/ht-kb-category?post=818"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/ht-kb-tag?post=818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}