You have been re-routed to the Trojan:Win32/Rimod write up because Trojan%3aWin32%2fRimod has been renamed to Trojan:Win32/Rimod


Trojan:Win32/Rimod is a generic detection for files that change various security settings in the computer.

What to do now

To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:
For more information on antivirus software, see
Enabling registry editor
This threat may modify the computer to prevent Registry Editor from running. To enable Registry Editor in your computer, please do the following:
  1. Run a command prompt. Click Start>Run and type cmd.
  2. In the command prompt, type the following as is and press Enter:
    reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
  3. Type exit at the command prompt.
Additional remediation instructions for Trojan:Win32/Rimod
This threat may make lasting changes to a computer’s configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article/s: 

Threat behavior

Trojan:Win32/Rimod is a generic detection for files that change various security settings in the computer.
Some of the changes files detected as Trojan:Win32/Rimod can make are:
  • Add malicious programs to the authorized applications list
  • Disable firewall notifications
  • Disable System Restore
  • Disable Security Center notifications (if the antivirus, firewall, or Windows Updates are disabled)
  • Disable Task Manager and registry editor tools
Analysis by Andrei Florin Saygo


System changes
The following system changes may indicate the presence of this malware:
  • System Restore is disabled and this is not your setting
  • Security Center notifications are disabled and this is not your setting
  • You cannot access Task Manager and registry editing tools such as Registry Editor


Alert level: Severe
First detected by definition: 1.71.1772.0
Latest detected by definition: and higher
First detected on: Jan 05, 2010
This entry was first published on: Oct 13, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • W32/MalwareF.CCPT (Command)
  • Malware.LBWN (Norman)
  • Backdoor.Hupigon.GEKI (VirusBuster)
  • TR/Dropper.Gen (Avira)
  • Trojan.Win32.StartPage.oeo (Rising AV)
  • Trojan.ADH (Symantec)