Backdoor.Krademok

Backdoor.Krademok Description

Type: Backdoors

The Backdoor.Krademok Trojan is a malware threat that first appeared in December of 2011. According to ESG security researchers, this malware threat does not have the capacity to spread on its own, but usually relies on social engineering and other kinds of malware in order to infect computer systems. Backdoor.Krademok is capable of infecting computer systems running versions of the Windows operating system from Windows 98 up until Windows Vista. Like most backdoor Trojans, Backdoor.Krademok is designed to create a backdoor into the victim's computer, that is, a hole in the computer's security which a criminal can then use to gain access to the infected operating system, much like an unguarded back door can allow a robber to enter a house and steal its contents. Backdoor.Krademok is more commonly known by its main alias, Dark Comet. As of March of 2012, ESG security researchers have received reports of a rise in cases of Backdoor.Krademok Trojan infection, most probably caused by a spam email scam.

How Backdoor.Krademok Infects Your Computer System

As part of its installation process, Backdoor.Krademok produces a duplicate of its executable file in the infected computer's system folder. Usually, this file will have the EXE extension and has one of many possible names – one such name is userinit.exe. It will also alter the Windows Registry, so the infected operating system will be forced to run Backdoor.Krademok every time that the system starts up. As its main way of attacking, Backdoor.Krademok is designed to display pop-up notifications, often from the task bar, but also some resembling normal Windows error messages. It also has the capacity to use its backdoor to access a remote server and download and install malicious files on the victim's computer.

Backdoor.Krademok opens a port and connects to a remote server, which can then allow a criminal to carry out all kinds of malicious activities, including stealing your personal data, spying on your activities or installing other malware on your computer system. Because of its nature, the effects of Backdoor.Krademok depend entirely on the intentions of the criminals using Backdoor.Krademok to attack your computer system. However, you can be sure that Backdoor.Krademok, or Dark Comet, will most probably not be used to your advantage.

Technical Information

Registry Details

Backdoor.Krademok creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, [PATH TO TROJAN]"
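
Winlogon treats the Userinit value shown above as a comma-separated list of programs to start at logon, so an appended path is the thing to look for. The check below is an added example, not code from the original article; the function names, the default system directory and the sample values are assumptions constructed for illustration.

```python
import ntpath
import os
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def split_userinit(value):
    """Split the comma-separated Userinit value into individual program paths."""
    return [part.strip().strip('"') for part in value.split(",") if part.strip()]

def unexpected_entries(value, system_dir=r"C:\Windows\System32"):
    """Return every Userinit entry other than userinit.exe in system_dir."""
    expected = ntpath.normcase(ntpath.normpath(ntpath.join(system_dir, "userinit.exe")))
    flagged = []
    for entry in split_userinit(value):
        # Windows paths are case-insensitive, so normalise before comparing.
        if ntpath.normcase(ntpath.normpath(entry)) != expected:
            flagged.append(entry)
    return flagged

def read_userinit():
    """Read the live value (Windows only), using the 64-bit registry view."""
    import winreg
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY, 0, access) as key:
        value, _ = winreg.QueryValueEx(key, "Userinit")
    return winreg.ExpandEnvironmentStrings(value)

if __name__ == "__main__":
    if sys.platform == "win32":
        system_dir = ntpath.join(os.environ["SystemRoot"], "System32")
        values = [read_userinit()]
    else:
        system_dir = r"C:\Windows\System32"
        # Constructed sample values, not taken from a real infection.
        values = [
            r"C:\Windows\system32\userinit.exe,",
            r"C:\Windows\system32\userinit.exe, C:\Users\Public\sample.exe",
        ]
    for value in values:
        extra = unexpected_entries(value, system_dir)
        print(value, "->", extra if extra else "default entry only")
```

A clean result covers the registry value only. Because the dropped copy can itself be named userinit.exe, the file in the system folder needs to be verified separately.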
