Backdoor.Snifula.D Description

Backdoor.Snifula.D is a backdoor Trojan that opens a back door on the corrupted PC. When activated, Backdoor.Snifula.D may modify the particular registry entry in order to disable a security notification. Backdoor.Snifula.D may modify the particular registry entry in order to decrease Internet Explorer security settings. Backdoor.Snifula.D also creates a few registry entries. Backdoor.Snifula.D may contact the particular command and control (C&C) servers using a POST request on HTTP port 80. Backdoor.Snifula.D may then gain several commands. Backdoor.Snifula.D may then steal cookie information as well as distribute and execute files from a remote location. Backdoor.Snifula.D may also steal certificates from the victim and forward them to the C&C server. Backdoor.Snifula.D may then create an archive with the stolen certificates in the specific location.

Type: Backdoors

How Can You Detect Backdoor.Snifula.D?

Backdoor.Snifula.D Removal Details

Backdoor.Snifula.D creates the following files in the system:

• %UserProfile%\Local Settings\Temp\[16 HEXADECIMAL CHARACTERS].tmp

Backdoor.Snifula.D creates the following registry entries:

• HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\”Version” = “[HEXADECIMAL VALUE]”
• HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\”k2″ = “[HEXADECIMAL VALUE]“
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\”2500″ = “0″
• HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\”s1″ = “[HEXADECIMAL VALUE]”
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner
• HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\”k1″ = “[HEXADECIMAL VALUE]”

Important Article Disclaimer