Backdoor.Winnti.B Description
Backdoor.Winnti.B is a Trojan that opens a back door on the targeted PC. When executed, Backdoor.Winnti.B drops a few malicious files and creates registry entries. Backdoor.Winnti.B sets a handler routine using SetConsoleCtrlHandler that drops the threat in the file system so that it loads automatically whenever Windows boots. Backdoor.Winnti.B connects to a command-and-control server, which permits remote attackers to carry out a variety of harmful actions, such as stealing confidential data. Backdoor.Winnti.B deletes its main component after being loaded into memory.
Type: Backdoors
How Can You Detect Backdoor.Winnti.B?
Backdoor.Winnti.B Removal Details
Backdoor.Winnti.B typically has the following processes in memory:
- %System%\[RANDOM CHARACTERS].dll
- %CurrentFolder%\[RANDOM CHARACTERS].dll
Backdoor.Winnti.B creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs" = "[RANDOM CHARACTERS].dll"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"RequireSignedAppInit_DLLs" = "0"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"LoadAppInit_DLLs" = "1"
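The following PowerShell check is an added example, not part of the original entry: it reads the three values listed above and, when AppInit loading is enabled, reports the signature status and SHA-256 of each listed DLL. The function name `Test-AppInitConfig`, the extra WOW6432Node view, and resolving bare DLL names against System32/SysWOW64 are assumptions of this example.

```powershell
# Added example, not from the original entry. Names are illustrative.
function Test-AppInitConfig {
    param([string]$AppInitDlls, [int]$LoadAppInitDlls, [int]$RequireSigned)
    # AppInit_DLLs can hold several names separated by spaces or commas.
    $dlls = @($AppInitDlls -split '[ ,]+' | Where-Object { $_ })
    $findings = @()
    if ($dlls.Count -gt 0 -and $LoadAppInitDlls -eq 1) {
        $findings += "AppInit loading enabled for: $($dlls -join ', ')"
        if ($RequireSigned -eq 0) {
            $findings += 'RequireSignedAppInit_DLLs = 0 (unsigned DLLs accepted)'
        }
    }
    [pscustomobject]@{ Dlls = $dlls; Findings = $findings }
}

# Native registry view, plus the 32-bit view present on 64-bit Windows.
$views = [ordered]@{
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'             = 'System32'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows' = 'SysWOW64'
}

foreach ($key in $views.Keys) {
    if (-not (Test-Path $key)) { continue }
    $v = Get-ItemProperty -Path $key
    $r = Test-AppInitConfig -AppInitDlls ([string]$v.AppInit_DLLs) `
        -LoadAppInitDlls ([int]$v.LoadAppInit_DLLs) `
        -RequireSigned ([int]$v.RequireSignedAppInit_DLLs)
    if (-not $r.Findings) { "OK   $key"; continue }
    "WARN $key"
    $r.Findings | ForEach-Object { "     $_" }
    foreach ($dll in $r.Dlls) {
        # Assumption: a bare name lives in the system directory (%System% above).
        $path = $dll
        if (-not [IO.Path]::IsPathRooted($dll)) {
            $path = Join-Path $env:SystemRoot (Join-Path $views[$key] $dll)
        }
        if (Test-Path -LiteralPath $path) {
            $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            "     $path  signature=$sig  sha256=$hash"
        } else {
            "     $path  (not found on disk)"
        }
    }
}
```

Run it from a 64-bit PowerShell session so that both registry views and both system directories are read without redirection.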
This entry was last updated on 09/7/12 and posted on 09/7/12.