Backdoor.Bot

Backdoor.Bot Description

Like its name suggests, Backdoor.Bot is a backdoor Trojan. Like most backdoor Trojans, Backdoor.Bot is designed to allow a hacker to obtain illegal access to a computer through a digital 'backdoor'. Much like a real-life backdoor allows a robber to enter a house or a building without being seen, a backdoor into a computer like the one the Backdoor.Bot establishes allows a criminal to gain access to the infected computer without being detected by the infected computer's security. Once installed, the Backdoor.Bot will open up an unauthorized opening that allows criminals to carry out tasks by gaining access to the infected computer from a remote location. If you are afraid that your PC has been in contact with Backdoor.Bot, you should scan your computer with a reliable anti-malware tool after restarting Windows in Safe Mode.

While a backdoor can be used to do anything on the infected computer (for example, stealing information, installing other malware, or deleting the contents of the infected computer's hard drive), the Backdoor.Bot itself is usually associated with scams that involve identity theft or stealing login data for online gaming and banking accounts. The Backdoor.Bot can also be used to execute a keylogger component on the infected computer. This keylogger records all the keys that are pressed on the infected computer's keyboard, meaning that criminals can then use this data to steal your online passwords and sensitive data, such as credit card or bank account numbers. A keylogger can also be used to monitor your activity on the infected computer and spy on your personal communications. Every once in a while, the Backdoor.Bot will deliver all the gathered data to a remote server where criminals can then gain access to it and use it for their own, malicious purposes.

What Kind of Tasks Can the Backdoor.Bot Be Used For?

Apart from stealing your information, Backdoor.Bot can be used as part of other large scale attacks on your computer. Criminals can use the Backdoor.Bot to install other malware on your computer, typically a rogue security program or a Trojan. There are numerous variants of the Backdoor.Bot due to the fact that the established backdoor can be used by criminals for a number of scams and attacks. Basically, the Backdoor.Bot allows criminals nearly the same level of control as if they were sitting in front of your computer's screen.

Aliases: Generic16.CDTS [AVG], Trojan.Win32.Midgare [Ikarus], Trojan.Win32.Inject.flr, Packed.Win32.Rebhip.a.1 (v) [Sunbelt], Trojan.Win32.Buzus.fl, Win-Trojan/Buzus.608256.D [AhnLab-V3], Trojan/Buzus.pif, Win32/Kollah.APV [eTrust-Vet], Heuristic.BehavesLike.Win32.Suspicious.H [McAfee-GW-Edition], Win32.HLLW.Autoruner.9222 [DrWeb], Trojan-Dropper:W32/Malis.gen!H [F-Secure], Trojan.Win32.Midgare!IK, Backdoor.Win32.Agent.50180, Trojan.Generic.2093113 [BitDefender] and Trojan.Win32.Buzus.bwqx [Kaspersky].

Technical Information

File System Details

Backdoor.Bot creates the following file(s):
# File Name Size MD5 Detection Count
1 %USERPROFILE%\Start Menu\Programs\Startup\rl9g0bwwr1l.exe 39,936 26615614660d568b2509a5373cbcad1c 9
2 %TEMP%sys.exe 203,555 6f743f8489ef000c14191c9e547bddca 9
3 %USERPROFILE%\Start Menu\Programs\Startup\1lgww1g.exe 39,936 d6299d87ce2518668955468aa91667e3 6
4 %SystemDrive%\RECYCLER\S-1-5-21-8556255180-8340947505-347048866-6696\xpupdate.exe 124,416 2d9b147c2059dce494223b818274d748 6
5 C:\RECYCLER\S-1-5-21-1382786252-2331198890-065395318-6957\winlogon.exe 298,496 208745d6ae95730c1bb66355aaa6d638 4
6 C:\RECYCLER\S-1-5-21-1164416283-0704393758-153681830-7043\djwi2kcew.exe 135,680 160c20bd5a310b92f0a2105fe9b37ace 4
7 %USERPROFILE%\Start Menu\Programs\Startup\ql5g1vqgg1q.exe 39,936 e5aa1ca75d8ce62b7f0ee097346f3cec 4
8 C:\RECYCLER\S-1-5-21-1548338495-1396400765-946418885-8802\wnzip32.exe 107,008 5da6ba2f4f425a04c0ff675e91cd0c9b 2
9 %WINDIR%\System32\winrom.exe 40,448 742f9d3621a981a7bd6fc0cc8d225925 2
10 %USERPROFILE%\Start Menu\Programs\Startup\ffaavqq2kf.exe 39,936 26d217ef3002f934d9f1c4787f2692f2 2
11 %USERPROFILE%\Start Menu\Programs\Startup\qql1faavlaq.exe 39,936 6127348f0451305c0d520129f242ae1c 2
12 %WINDIR%scxhost.exe 131,072 0eca47f9d5b93ca3498526b5580abdbd 2
13 %USERPROFILE%\Start Menu\Programs\Startup\zvlw1mns.exe 39,936 87c7e824dd386017f1b7651a50c3ccce 2
14 %USERPROFILE%\Start Menu\Programs\Startup\awwriiduup.exe 39,936 1db63bbbddce7131378767ee8f3eb60e 2
15 %USERPROFILE%\Start Menu\Programs\Startup\0hm86y8.exe 39,936 8bc5757abfcffdf65fe041e8ae000642 2
16 %USERPROFILE%\Start Menu\Programs\Startup\5iidjfv.exe 39,936 94afc9b7ec1a7c00a781e0f5df822c22 2
17 %USERPROFILE%\Start Menu\Programs\Startup\5wwmns8.exe 39,936 a4ec4df6ca473fa9dae91aed5c4b2592 2
18 %APPDATA%\FTF\r.exe 67,997 53d4ee6fb944fa56733d1b099ca2dbd1 2
19 %USERPROFILE%\Start Menu\Programs\Startup\081yjkf.exe 38,400 fd0fc5c46c931405b005b68a9d9a8ed9 1
20 C:\RECYCLER\S-1-5-21-4629222160-8634559352-099394617-1457\MsMxEng.exe 181,248 dc177beeb71e834a7af5e820aa6e9315 1
21 %WINDIR%\system\winrsc.exe 63,488 729182a9cf01c56cf51cd8caed6f88b6 1
22 C:\RECYCLER\S-1-5-21-1947311589-7562745499-915912882-6344\msimfo32.exe 103,424 c67241d3ac991ece12a1c6e091284b82 1
23 %USERPROFILE%\Start Menu\Programs\Startup\2too6aa.exe 39,936 38c94d3fc0147691b03ae361b8c899e3 1
24 %USERPROFILE%\Start Menu\Programs\Startup\rnnjzzv2rmm.exe 39,936 ca96f280ab521b593b0c45676e08e4eb 1
25 %USERPROFILE%\Start Menu\Programs\Startup\uqqlccxooj.exe 39,936 98784700ee33189554b397cd5ee89e2a 1
More files

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.

By ZulaZuza in Backdoors
Translate To: Português
Threat Scorecard
?
The ESL Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESL Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESL Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESL Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESL Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular computer threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected Computer: The number of confirmed and suspected cases of a particular threat detected on infected computers retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected computers of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows computer users to track the geographic distribution of a particular threat throughout the world.
Ranking: N/A
Threat Level: 8
Infected Computers: 376