Backdoor.Juasek

Backdoor.Juasek Description

Type: Backdoors

First observed in August of 2012, Backdoor.Juasek is a dangerous backdoor Trojan that can affect all versions of the Windows operating system, going as far back as Windows 95. Backdoor.Juasek is designed to enter a computer with the help of a Trojan dropper or social engineering scam and then establish a backdoor on the infected computer. The term 'backdoor' simply refers to an unauthorized opening in the infected computer's security protection. Criminals can use this opening to install other malware on the infected computer or to steal data stored on it. Although Backdoor.Juasek is relatively easy to remove with most anti-malware programs, it does not cause overt symptoms, meaning that countless PC users may not be aware of its presence on their computer. This is especially true if your security programs are not updated. To avoid becoming infected with Backdoor.Juasek, ESG security researchers recommend keeping all your security programs up to date and being careful when downloading files or visiting unknown websites.

How Backdoor.Juasek Attacks a Computer

Backdoor.Juasek has two tasks: open a backdoor into the infected computer and send data to a remote host. Once executed, Backdoor.Juasek creates a malicious DLL file with a random file name. This random file name will usually be generated by choosing from a list of names. Some examples of names for this malicious DLL file that ESG security researchers have observed include espdate, sparksrv, and spksrv. Then, Backdoor.Juasek makes changes to the Windows Registry that allow its files to run automatically when the infected computer starts up. To ensure that its malicious DLL file is accessed by other applications, Backdoor.Juasek finds a legitimate DLL file with the same name and replaces it with its own, corrupted version. Finally, Backdoor.Juasek connects to a remote server in order to receive configuration data and commands and to report on the infected computer's status.

Malicious Actions that Backdoor.Juasek Can Carry Out on the Infected Computer

Besides installing other malware threats on the infected computer, Backdoor.Juasek itself can carry out various malicious actions there. These include the following:

  • Backdoor.Juasek's back door can be used to delete files on the infected computer.
  • A criminal can use Backdoor.Juasek to access a command prompt and execute commands on the infected computer.
  • Backdoor.Juasek can also be used to execute files and view data on the infected computer.

Technical Information

File System Details

Backdoor.Juasek creates the following file(s):
#  File Name                         MD5                               Detection Count
1  %System%/[RANDOM FILE NAME].dll   N/A
2  %System%/svsdll.log               N/A
3  file.exe                          a42f4749820747d7b74c5322b1898a62  0

Registry Details

Backdoor.Juasek creates the following registry entry or registry entries:
RegistryKey
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMNET
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMNet\Security\"Security" = "[HEXADECIMAL CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\"WMNet" = "multi:"WMNet\00""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMNet
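
A read-only triage check built from the file and registry indicators listed above, added here as an example; it is not part of the original write-up or of any vendor tool. It assumes the standard Parameters\ServiceDll value used by svchost-hosted services, which this page does not mention, and it treats the listed DLL names only as candidates for review because legitimate files can share them.

```powershell
# Added example: look for the Backdoor.Juasek artifacts named on this page.
# Read-only; run from an elevated PowerShell prompt on the host being checked.
$findings = New-Object 'System.Collections.Generic.List[string]'

# Registry keys from the "Registry Details" section.
$keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\WMNet',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMNET'
)
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings.Add("Registry key present: $k") }
}

# SvcHost group value "WMNet" (multi-string) from the same section.
$svcHost = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$group = (Get-ItemProperty -LiteralPath $svcHost -Name 'WMNet' -ErrorAction SilentlyContinue).WMNet
if ($group) { $findings.Add("SvcHost group 'WMNet' = $($group -join ',')") }

# Assumption (standard Windows layout, not stated on the page): a service hosted
# by svchost names its DLL in Parameters\ServiceDll. Reporting that path helps
# locate the randomly named DLL.
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\WMNet\Parameters'
$dll = (Get-ItemProperty -LiteralPath $params -Name 'ServiceDll' -ErrorAction SilentlyContinue).ServiceDll
if ($dll) { $findings.Add("WMNet ServiceDll = $dll") }

# Files from the "File System Details" section; %System% is the system folder.
$sys = [Environment]::SystemDirectory
$log = Join-Path $sys 'svsdll.log'
if (Test-Path -LiteralPath $log) { $findings.Add("Log file present: $log") }

# DLL names observed by the researchers. A legitimate DLL may carry the same
# name, so report hash and signature status for review instead of a verdict.
$knownMd5 = 'a42f4749820747d7b74c5322b1898a62'   # MD5 the page lists for file.exe
$candidates = @('espdate.dll', 'sparksrv.dll', 'spksrv.dll' | ForEach-Object { Join-Path $sys $_ })
if ($dll) { $candidates += $dll }
foreach ($f in ($candidates | Select-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) { continue }
    $md5  = (Get-FileHash -LiteralPath $f -Algorithm MD5).Hash.ToLower()
    $sig  = (Get-AuthenticodeSignature -LiteralPath $f).Status
    $note = if ($md5 -eq $knownMd5) { ' (matches MD5 on page)' } else { '' }
    $findings.Add("Review DLL: $f md5=$md5 signature=$sig$note")
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'None of the Backdoor.Juasek artifacts listed on this page were found.'
}
```

An empty result only means these specific artifacts are absent; it does not show that the host is clean.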
