Backdoor.Korplug.B

Backdoor.Korplug.B Description

Type: Trojan

Backdoor.Korplug.B is a backdoor Trojan that may be used to steal information from an infected computer or to install other threats on it. Backdoor.Korplug.B opens a backdoor on the victim's computer. The term "backdoor" refers to an unauthorized opening in the affected computer's security; criminals may use this opening to install other threats, control the affected computer from a remote location or steal data from it. If you have reason to think that your machine has become infected with Backdoor.Korplug.B, security researchers strongly suggest using a powerful anti-malware tool to prevent further damage to your machine or the endangerment of your personal data.

How Backdoor.Korplug.B is Disseminated

Backdoor.Korplug.B has been active since November 2013. Backdoor.Korplug.B is a Trojan, meaning that it usually cannot spread on its own (unlike viruses or worms). Trojans like Backdoor.Korplug.B usually require another threat or social engineering tactics to travel from one PC to another. The following are common ways in which Backdoor.Korplug.B and similar backdoor Trojans may be disseminated from one PC to another:

  1. One of the most common ways in which Backdoor.Korplug.B is spread is through social engineering techniques. Criminals may try to convince you that the file containing Backdoor.Korplug.B is a beneficial file containing something that you need. A common way of doing this is to convince you to view a video and claim that the Backdoor.Korplug.B file is an update for Adobe Flash or for your media player.
  2. Backdoor.Korplug.B may also spread through email or instant messaging spam. These unreliable messages may contain an attached file or an embedded link that leads the victim to a website where Backdoor.Korplug.B is installed, or the attachment may be the threat itself.
  3. There has been an increase in attack websites and in the use of threat kits to deliver threats similar to Backdoor.Korplug.B. These may attack computer users by taking advantage of poorly protected websites: criminals insert corrupted scripts into such websites that redirect visitors to attack websites designed to install Trojan infections onto the visitors' computers.

Technical Information

File System Details

Backdoor.Korplug.B creates the following file(s):
  #  File Name                                 Detection Count
  1  %AllUsersProfile%\Mozilla\WINMM.dll       N/A
  2  %AllUsersProfile%\Mozilla\WINMM.dll.rom   N/A
  3  %AllUsersProfile%\Mozilla\Trend2013.dat   N/A

Registry Details

Backdoor.Korplug.B creates the following registry keys and values:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE\0000\Control\"*NewlyCreated*" = "0"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE\0000\"ConfigFlags" = "0"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE\0000\"DeviceDesc" = "Mozilla Maintenance Service"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\Enum\"Count" = "1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\"Type" = "272"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\"ImagePath" = "%AllUsersProfile%\Mozilla\DNSBench.exe"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\"Description" = "Mozilla Maintenance Service"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FAST\CLSID: [HEXADECIMAL NUMBER]
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE\0000\"Legacy" = "1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE\0000\"ClassGUID" = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\Enum\"0" = "Root\LEGACY_MOZILLA_MAINTENANCE\0000"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\Security\"Security" = "[HEXADECIMAL NUMBER]"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\"ErrorControl" = "0"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\"ObjectName" = "LocalSystem"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FAST
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\Enum
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE\0000\"Service" = "Mozilla Maintenance"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE\0000\"Class" = "LegacyDriver"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE\"NextInstance" = "1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\Enum\"NextInstance" = "1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\"Start" = "2"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance\"DisplayName" = "Mozilla Maintenance Service"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent\"" = "[ORIGINAL VALUE + 1]"

More Details on Backdoor.Korplug.B

The following URLs were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.
  • Dns.tendgroup.com
  • Smtp.tendgroup.com
  • Tendgroup.com
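
As an added example for defenders (not part of the original article), the following PowerShell script checks a Windows host for the files, the service and registry keys, and the domains listed in the File System Details, Registry Details and URL sections above. The name of Firefox's legitimate updater service ("MozillaMaintenance") is an assumption on my part, not something the page states.

```powershell
# Added example (not from the original article): read-only hunt for the
# Backdoor.Korplug.B artefacts described above. Run from an elevated shell;
# the Services\...\Security and Enum\Root keys are not readable otherwise.
$DropDir  = Join-Path $env:ALLUSERSPROFILE 'Mozilla'
$Findings = [System.Collections.Generic.List[string]]::new()

# 1. Dropped files: the three from the File System table plus the service
#    binary named in the ImagePath value.
foreach ($name in 'WINMM.dll', 'WINMM.dll.rom', 'Trend2013.dat', 'DNSBench.exe') {
    $path = Join-Path $DropDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $Findings.Add("[file] $path sha256=$sha256")
    }
}

# 2. The fake service key. Note the space in "Mozilla Maintenance"; Firefox's
#    genuine updater service is assumed here to be registered as "MozillaMaintenance".
#    Type 272 = 0x110 = SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS,
#    Start 2 = SERVICE_AUTO_START, ObjectName LocalSystem = runs as SYSTEM at boot.
$SvcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Mozilla Maintenance'
if (Test-Path -LiteralPath $SvcKey) {
    $svc = Get-ItemProperty -LiteralPath $SvcKey
    $Findings.Add("[service] $SvcKey ImagePath=$($svc.ImagePath) Type=$($svc.Type) Start=$($svc.Start) ObjectName=$($svc.ObjectName)")
}

# 3. Any installed service whose binary lives under %AllUsersProfile%\Mozilla,
#    whatever it is called; a service binary in a profile directory is unusual.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName.ToLower().Contains($DropDir.ToLower()) } |
    ForEach-Object { $Findings.Add("[service] $($_.Name) state=$($_.State) path=$($_.PathName)") }

# 4. Remaining registry artefacts from the Registry Details list.
foreach ($key in 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MOZILLA_MAINTENANCE',
                 'HKLM:\SOFTWARE\Classes\FAST') {
    if (Test-Path -LiteralPath $key) { $Findings.Add("[registry] $key") }
}

# 5. Network: has this host recently resolved any of the listed domains?
if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
    Get-DnsClientCache |
        Where-Object { $_.Entry -like '*tendgroup.com' } |
        ForEach-Object { $Findings.Add("[dns] cached lookup of $($_.Entry) -> $($_.Data)") }
}

if ($Findings.Count -eq 0) { 'No Backdoor.Korplug.B indicators found.' } else { $Findings }
```

A hit in section 3 or 5 without one in section 2 suggests a variant using a different service name or file names, so treat the script as a starting point for triage rather than a complete signature.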

Site Disclaimer

Enigmasoftware.com is not associated with, affiliated with, sponsored by or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken for or confused with the promotion or endorsement of malware in any way. Our intent is to provide information that educates computer users on how to detect, and ultimately remove, malware from their computers with the help of SpyHunter and/or the manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.