Backdoor.LegMir.BZ
Backdoor.LegMir.BZ is a Windows platform backdoor Trojan horse. Once Backdoor.LegMir.BZ is executed it will copy itself with random names to various locations on a compromised machine. Backdoor.LegMir.BZ may also open a conduit for attackers to access a PC and steal sensitive data such as passwords. Backdoor.LegMir.BZ will put a victim at risk of Identity Theft.
File System Details
Backdoor.LegMir.BZ may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %System%\dllcache\tmp.exe | |
| 2. | %System%\temp.exe | |
| 3. | %System%\dllcache\stub.exe | |
| 4. | %System%\dllcache\temp.exe | |
| 5. | %System%\drivers\tmpp.exe | |
| 6. | %System%\drivers\Interop.MessengerAPI.dll | |
| 7. | %System%\dllcache\recycled.exe | |
| 8. | %System%\drivers\svchost.exe | |
| 9. | %System%\dllcache\Interop.MessengerAPI.dll | |
| 10. | %System%\drivers\stub.exe | |
| 11. | %System%\dllcache\myporn.scr | |
| 12. | %System%\dllcache\doc.pif | |
| 13. | c:\RECYCLER\S-1-5-21-8749679017-0950430147-468708784-3200\recycler.scr | |
| 14. | %System%\wbem\Performance\WmiApRpl_new.ini |
Registry Details
Backdoor.LegMir.BZ may create the following registry entry or registry entries:
[HKEY_CURRENT_USER\Software\TACO]
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security]
[HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz]
[HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_CURRENT_USER\Software\Microsoft\OLE]
[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security]
