Backdoor.Finfish Description
Backdoor.Finfish is a Trojan that opens a back door on the affected PC. When activated, Backdoor.Finfish may create many harmful files and also creates a few registry entries. Backdoor.Finfish allows attackers to obtain remote access to and control over the targeted machine. It may then contact specific command-and-control (C&C) servers and transfer stolen information to remote servers.
Type: Backdoors
How Can You Detect Backdoor.Finfish?
Backdoor.Finfish Removal Details
Backdoor.Finfish typically has the following processes in memory:
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\shellex32.dll
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\mssounddx.sys
Backdoor.Finfish creates the following files in the system:
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\04C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\05.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\7FC.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\10.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\12C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\14.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\17C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\18.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\21C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\80C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\04.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\02C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\7F.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\11C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\12.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\16C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\17.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\19C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\21.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\20C.dat
- %Temp%\tmp2.tmp
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\02.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\05C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\11.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\10C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\16.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\14C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\19.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\18C.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\20.dat
- %UserProfile%\Application Data\Microsoft\Installer\[RANDOM CLSID]\ico_ty23.ico
Backdoor.Finfish creates the following registry entries:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSSOUNDDX
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssounddx
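The file and registry lists above can be turned into a triage check over a collected file listing and registry key export. The following is an added example, not part of the original entry or any vendor tool; the function names, the sample data, and the generalised `.dat` name pattern are assumptions made for illustration.

```python
import re
from collections import defaultdict

# "[RANDOM CLSID]" is matched as any single directory name (format not given on the page).
BASE = re.compile(r"^(.*\\Application Data\\Microsoft\\Installer\\[^\\]+)\\([^\\]+)$", re.I)
MODULES = {"shellex32.dll", "mssounddx.sys"}   # listed on the page as in memory
ICON = "ico_ty23.ico"
# Assumption: generalises the listed names (02.dat, 7FC.dat, ...) to two hex digits + optional "C".
DAT = re.compile(r"^[0-9a-f]{2}c?\.dat$")
REG_KEYS = (
    r"hkey_local_machine\system\currentcontrolset\enum\root\legacy_mssounddx",
    r"hkey_local_machine\system\currentcontrolset\services\mssounddx",
)

def classify(path):
    """Return (directory, kind) if the path fits the page's file lists, else None."""
    m = BASE.match(path.strip())
    if not m:
        return None
    name = m.group(2).lower()
    kind = ("module" if name in MODULES else "icon" if name == ICON
            else "dat" if DAT.match(name) else None)
    return (m.group(1).lower(), kind) if kind else None

def triage(paths, reg_keys=()):
    """Group file hits per directory; match the listed registry keys and their subkeys."""
    dirs = defaultdict(lambda: defaultdict(int))
    for hit in filter(None, map(classify, paths)):
        dirs[hit[0]][hit[1]] += 1
    reg_hits = []
    for key in reg_keys:
        norm = re.sub(r"^hklm(?=\\)", "hkey_local_machine", key.strip().lower())
        if any(norm == r or norm.startswith(r + "\\") for r in REG_KEYS):
            reg_hits.append(key)
    # A listed module next to .dat files is a stronger signal than a lone .dat name.
    strong = sorted(d for d, c in dirs.items() if c.get("module") and c.get("dat"))
    return {"strong_dirs": strong, "registry": reg_hits,
            "dirs": {d: dict(c) for d, c in dirs.items()}}

# Constructed sample listing (not from a real host); "{EXAMPLE-DIR}" is a placeholder.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\alice\Application Data\Microsoft\Installer\{EXAMPLE-DIR}\shellex32.dll",
    r"C:\Documents and Settings\alice\Application Data\Microsoft\Installer\{EXAMPLE-DIR}\7FC.dat",
    r"C:\Documents and Settings\alice\Application Data\Microsoft\Installer\{EXAMPLE-DIR}\02.dat",
    r"C:\Documents and Settings\bob\Application Data\Microsoft\Installer\{OTHER-DIR}\setup.ico",
]
SAMPLE_KEYS = [r"HKLM\SYSTEM\CurrentControlSet\Services\mssounddx\Security",
               r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Audiosrv"]
```

The paths on this page use the older `Application Data` folder name; on Windows Vista and later that name is a junction to `AppData\Roaming`, so a listing taken there needs the `BASE` pattern adjusted accordingly.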
This entry was last updated on 07/27/12 and posted on 07/27/12.