Backdoor.Egobot

Backdoor.Egobot Description

Backdoor.Egobot is a Trojan that opens a back door, drops additional malware, and steals information from the compromised PC. Backdoor.Egobot may be distributed through a malicious .lnk file attached to email messages. When run, Backdoor.Egobot drops its files and sets one of them to run at startup. Backdoor.Egobot reads daxctle.dll, the file containing the main malicious code, and injects it into processes. Backdoor.Egobot opens a back door on the compromised PC, allowing attackers to carry out various damaging activities. Backdoor.Egobot connects to a specific domain and may drop further malicious files. Backdoor.Egobot sends data to and receives commands from remote servers.

Technical Information

File System Details

Backdoor.Egobot creates the following file(s):

#  File Name                                                                       Detection Count
1  %System%\wuauclt.exe                                                            N/A
2  %UserProfile%\Local Settings\Microsoft\Windows\Program\Startup\daxctle.dll      N/A
3  %System%\spoolsv.exe                                                            N/A
4  %UserProfile%\Local Settings\Microsoft\Windows\Program\Startup\detoured.dll     N/A
5  %System%\alg.exe                                                                N/A
6  %UserProfile%\Local Settings\Microsoft\Windows\Program\Startup\winmsd.exe       N/A