BackDoor-CEP!yo

By Domesticus in Trojans

BackDoor-CEP!yo is a Trojan that spreads via unsolicited e-mails. Once BackDoor-CEP!yo is inside a PC, it gives remote attackers unauthorized access to the infected machine. The attackers then have control over the infected PC as well as access to the confidential information stored on it. BackDoor-CEP!yo may also download additional malware onto the system.

File System Details

BackDoor-CEP!yo may create the following file(s):
1. %WinDir%\system32\update\server.exe
2. %WinDir%\system32\update
3. %UserProfile%\Local Settings\Temp\XxX.xXx
4. %UserProfile%\Local Settings\Temp\UuU.uUu

Registry Details

BackDoor-CEP!yo may create the following registry entry or registry entries:
HKEY_USERS\S-1-[Varies]\Software\expl
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\]
HKLM = "%WinDir%\system32\update\server.exe"
HKCU = "%WinDir%\system32\update\server.exe"
HKEY_USERS\S-1-[Varies]\Software\Microsoft\Visual Basic\6.0
NewIdentification = "expl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
[HKEY_USERS\S-1-[Varies]\Software\Microsoft\Windows\CurrentVersion\Run\]
HKEY_USERS\S-1-[Varies]\Software\Microsoft\Visual Basic
FirstExecution = "Date Of Execution"
Policies = "%WinDir%\system32\update\server.exe"
[HKEY_USERS\S-1-[Varies]\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\]
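A way to check a host for the file and autorun indicators listed above, as an added example that is not part of the original entry. It matches on the value data (the server.exe path) rather than on value names, because the listing does not make clear which value sits under which key; the function and variable names are illustrative.

```powershell
# Added example: looks for the file and autorun indicators listed on this page.
$ServerExe = Join-Path $env:WinDir 'system32\update\server.exe'
$FilePaths = @(
    $ServerExe
    (Join-Path $env:WinDir 'system32\update')
    (Join-Path $env:UserProfile 'Local Settings\Temp\XxX.xXx')
    (Join-Path $env:UserProfile 'Local Settings\Temp\UuU.uUu')
)
# Autorun locations named on the page, relative to HKLM or a user hive.
$RunSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run'
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-FileIndicatorHit {
    param([string[]]$Path)
    # Return only the listed paths that exist on this host.
    $Path | Where-Object { Test-Path -LiteralPath $_ }
}

function Get-RunKeyHit {
    param([string]$Needle)
    # HKLM plus every user hive currently loaded under HKEY_USERS.
    $roots = @('Registry::HKEY_LOCAL_MACHINE')
    $roots += @(Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { "Registry::$($_.Name)" })
    foreach ($root in $roots) {
        foreach ($sub in $RunSubKeys) {
            $key = Get-Item -LiteralPath "$root\$sub" -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                # Expand any literal %WinDir%-style variables left in the data.
                $data = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
                if ($data.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
                }
            }
        }
    }
}

$fileHits = @(Get-FileIndicatorHit -Path $FilePaths)
$regHits  = @(Get-RunKeyHit -Needle $ServerExe)
$fileHits | ForEach-Object { "FILE  $_" }
$regHits  | ForEach-Object { "RUN   $($_.Key)\$($_.Value) = $($_.Data)" }
if (-not ($fileHits.Count + $regHits.Count)) { 'No listed indicators found.' }
```

Run it from an elevated prompt so other users' hives under HKEY_USERS are readable; only hives of logged-on users are loaded, and the Temp paths are checked for the current profile only.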