Backdoor.Matsnu.B
Backdoor.Matsnu.B is a backdoor Trojan that opens a back door on the attacked PC. Once run, Backdoor.Matsnu.B creates copies of itself as one of the harmful files.Backdoor.Matsnu.B creates the registry entries so that it can load automatically whenever the computer owner starts Windows. Backdoor.Matsnu.B connects to one of the domains and waits for instructions from the remote cybercriminal. Backdoor.Matsnu.B
downloads and runs files, updates the list of domains, updates itself, deletes all files and folders in any hard drives found and overwrites the first 10,000 bytes in fixed hard drives and deletes the specific files.
File System Details
Backdoor.Matsnu.B may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Temp%\[RANDOM FILE NAME].exe | |
| 2. | %UserProfile%\[RANDOM FILE NAME].exe | |
| 3. | %UserProfile%\Application Data\[RANDOM FILE NAME].exe | |
| 4. | %DriveLetter%\ntdetect.com | |
| 5. | %DriveLetter%\ntldr |
Registry Details
Backdoor.Matsnu.B may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load" = "[PATH TO TROJAN]"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"run" = "[PATH TO TROJAN]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\"Startup" = "[PATH TO TROJAN FOLDER]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[COMPUTER SPECIFIC STRING]" = "[PATH TO TROJAN]"
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.