By Domesticus in Backdoors

Threat Scorecard

Threat Level: 60 % (Medium)
Infected Computers: 10
First Seen: July 27, 2012
Last Seen: July 8, 2018
OS(es) Affected: Windows

BackDoor.DaVinci.1 is a cross-platform Trojan that can infect computers running both Windows and Mac OS X. Mac OS X computers are traditionally considered more resistant to malware than Windows computers, but this line of thinking is misleading. ESG malware analysts consider that using any operating system, including Linux variants, without anti-malware protection is dangerous and exposes your computer to severe infections that can threaten your privacy and your bank account. The rise of cross-platform third-party applications and platforms, such as Java and Flash, has made it easier for criminals to target a wider variety of computers and even mobile devices. BackDoor.DaVinci.1 is a malicious JAR file posing as Adobe Flash Player, and it poses a severe threat to computers and mobile devices running Windows or Mac OS X.

The main reason BackDoor.DaVinci.1 is so dangerous is that it can use rootkit technology to hide its own processes and files from detection. BackDoor.DaVinci.1 can also be used to hide other malware on the infected computer. ESG malware analysts have observed that BackDoor.DaVinci.1 was created and is distributed by HackingTeam, a group of computer criminals that has been active for nearly a decade. BackDoor.DaVinci.1 has backdoor capabilities that allow criminals to adapt it to their own needs. Using BackDoor.DaVinci.1, criminals can install other malware, steal valuable information or perform any number of other dangerous functions on the infected computer. Much like a real-life back door, BackDoor.DaVinci.1 establishes an opening in the infected computer's security that can be used to install files or steal data without the victim's knowledge or authorization. BackDoor.DaVinci.1's malicious JAR file uses an invalid digital certificate to carry out its attack.

How BackDoor.DaVinci.1 Attacks Your Computer

BackDoor.DaVinci.1's JAR file first determines the infected computer's operating system. It then saves and runs a corrupted application that installs the infection on the victim's computer. BackDoor.DaVinci.1 is built from modules that give it a wide range of functions. These include its principal backdoor component, an encrypted configuration file, and corrupted rootkit drivers that allow BackDoor.DaVinci.1 to run on the victim's computer without being detected. Although HackingTeam claims that BackDoor.DaVinci.1 is invulnerable to advanced anti-malware programs, fully updated anti-malware applications with anti-rootkit technology should be able to remove BackDoor.DaVinci.1 from an infected computer.

File System Details

BackDoor.DaVinci.1 creates the following file(s):

 #   File Name             MD5                               Detections
 1.  file.exe              0a9aae712f868137e21353d9a8c9291c  6
 2.  file.exe              e99729a13c6bd433c106ebef93f7d27a  1
 3.  file.exe              f665626b791abf1e2a54e721a80ca243  1
 4.  AdobeFlashPlayer.jar  N/A

Registry Details

BackDoor.DaVinci.1 creates the following registry entries:
Regexp file mask
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ToolwizCares.exe
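The two listings above give a defender exactly two host-based indicators: three MD5 values for the dropped file.exe samples and one persistence path in the per-user Startup folder. The script below is an added example (not code from this page or from ESG) that checks files against both; the function names, the path-tail regular expression and the in-memory (path, content) input shape are my own choices.

```python
import hashlib
import os
import re

# MD5 values for the dropped file.exe samples, taken from the listing above.
KNOWN_MD5S = {
    "0a9aae712f868137e21353d9a8c9291c",
    "e99729a13c6bd433c106ebef93f7d27a",
    "f665626b791abf1e2a54e721a80ca243",
}

# Persistence artifact from the listing above: ToolwizCares.exe in the per-user
# Startup folder. Matched case-insensitively on the tail of the path.
PERSISTENCE_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ToolwizCares\.exe$",
    re.IGNORECASE,
)

def md5_hex(data: bytes) -> str:
    """Hex MD5 of a blob; MD5 only because that is what the listing provides."""
    return hashlib.md5(data).hexdigest()

def scan(entries, known_md5s=KNOWN_MD5S):
    """Check (path, content) pairs against the indicators above; content may be
    None when only the path is known. Returns (path, reason) tuples."""
    hits = []
    for path, content in entries:
        if PERSISTENCE_RE.search(path.replace("/", "\\")):
            hits.append((path, "persistence path"))
        if content is not None and md5_hex(content) in known_md5s:
            hits.append((path, "md5 match"))
    return hits

def startup_folder_entries():
    """Yield (path, content) for files in %APPDATA%'s Startup folder (Windows only)."""
    appdata = os.environ.get("APPDATA")
    folder = os.path.join(appdata or "", "Microsoft", "Windows", "Start Menu",
                          "Programs", "Startup")
    if not appdata or not os.path.isdir(folder):
        return
    for name in os.listdir(folder):
        full = os.path.join(folder, name)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                yield full, fh.read()

if __name__ == "__main__":
    for path, reason in scan(startup_folder_entries()):
        print(f"{reason}: {path}")
```

A hash match only catches the three samples listed here; the persistence-path check is the more durable of the two indicators, since a renamed dropper still has to land in the Startup folder to survive a reboot.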

1 Comment

That is a great removal tool!
