Backdoor.LegMir.BZ

Backdoor.LegMir.BZ Description

Backdoor.LegMir.BZ is a backdoor Trojan horse that targets the Windows platform. Once executed, Backdoor.LegMir.BZ copies itself under random names to various locations on the compromised machine. It may also open a conduit through which attackers can access the PC and steal sensitive data such as passwords, which puts the victim at risk of identity theft.

Technical Information

File System Details

Backdoor.LegMir.BZ creates the following file(s):
| # | File Name | Detection Count |
|---|-----------|-----------------|
| 1 | %System%\dllcache\tmp.exe | N/A |
| 2 | %System%\temp.exe | N/A |
| 3 | %System%\dllcache\stub.exe | N/A |
| 4 | %System%\dllcache\temp.exe | N/A |
| 5 | %System%\drivers\tmpp.exe | N/A |
| 6 | %System%\drivers\Interop.MessengerAPI.dll | N/A |
| 7 | %System%\dllcache\recycled.exe | N/A |
| 8 | %System%\drivers\svchost.exe | N/A |
| 9 | %System%\dllcache\Interop.MessengerAPI.dll | N/A |
| 10 | %System%\drivers\stub.exe | N/A |
| 11 | %System%\dllcache\myporn.scr | N/A |
| 12 | %System%\dllcache\doc.pif | N/A |
| 13 | c:\RECYCLER\S-1-5-21-8749679017-0950430147-468708784-3200\recycler.scr | N/A |
| 14 | %System%\wbem\Performance\WmiApRpl_new.ini | N/A |

Registry Details

Backdoor.LegMir.BZ creates the following registry entries:
Registry Key
[HKEY_CURRENT_USER\Software\TACO]
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security]
[HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz]
[HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_CURRENT_USER\Software\Microsoft\OLE]
[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security]