Mining Malware Detected by Windows Defender

Windows users who have not previously used Windows Defender are strongly advised to enable it. Defender was able to detect and neutralize a variant of the Dofoil Trojan, which intruders used to remotely take over computers' resources and mine cryptocurrency with them.

According to Microsoft, most of the attacked computers were in Russia, with 73% of detected Trojan programs, followed by Turkey with 18% and Ukraine with 4%. Microsoft has already blocked more than 500,000 instances of Dofoil.

The virus modifies the operating system registry to ensure anonymity in the system. It infects the standard Windows explorer.exe process, which then creates a copy of the virus in the Roaming AppData folder and renames it to ditereah.exe. It is very difficult for users to detect the virus on their own, because it is controlled from a standard process and can therefore remain on the victim's computer for quite some time.
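
A defensive check for the two artifacts described above, as an added example that is not part of the original article or of Microsoft's guidance. The article does not name the registry key that is modified, so checking the standard `Run` autorun keys is an assumption, as are the variable names.

```powershell
# Added example. Requires PowerShell 4.0 or later (Get-FileHash).
$dropName = 'ditereah.exe'     # file name given in the article
$roaming  = $env:APPDATA       # current user's Roaming AppData folder

# 1. Look for the dropped copy anywhere under Roaming AppData (hidden files included).
$files = Get-ChildItem -Path $roaming -Filter $dropName -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path    = $_.FullName
            Created = $_.CreationTime
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# 2. List autorun values that launch something from Roaming AppData.
#    Assumption: the article does not say which registry key is changed.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        # GetValue() expands %APPDATA% in REG_EXPAND_SZ values before comparison.
        $command = [string]$item.GetValue($name)
        $inRoaming = $command.IndexOf($roaming, [StringComparison]::OrdinalIgnoreCase) -ge 0
        $namesDrop = $command.IndexOf($dropName, [StringComparison]::OrdinalIgnoreCase) -ge 0
        if ($inRoaming -or $namesDrop) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $command; NamesDrop = $namesDrop }
        }
    }
}

# 3. Report. Autoruns from Roaming AppData are common for legitimate software,
#    so only entries with NamesDrop = True match the article's file name.
if ($files)    { 'Dropped file found:';           $files    | Format-List }
if ($autoruns) { 'Autoruns from Roaming AppData:'; $autoruns | Format-List }
if (-not $files -and -not $autoruns) { 'No matching file or autorun entry found.' }
```

Run it as the affected user, since both `$env:APPDATA` and the `HKCU` hive are per-user.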

Microsoft warned users of Windows 7, Windows 8.1 and Windows 10 that disabling Windows Defender or Microsoft Security Essentials is extremely undesirable, in order to avoid this kind of virus attack.
