Backdoor.Mishko

Backdoor.Mishko is a threat that is distributed to users via spam emails. Mishko is a backdoor Trojan that allows remote code execution on compromised systems and can be deployed by Trojan droppers like Sventore and FrauDrop as well. The threat is named after one of the sites it uses as its 'Command and Control' server — mishko.piranho.com. Backdoor.Mishko needs to have administrative privileges on the OS to work correctly. Therefore, users may notice a UAC (User Account Control) prompt from an unknown file when Mishko is being installed. Backdoor.Mishko is known to run as sysmgr.exe within the svchost.exe host process by Windows. Backdoor.Mishko is not as sophisticated as the Trochilus RAT and is likely to lack a digital signature.

Malware researchers report that the Mishko backdoor Trojan is programmed to access native Windows tools to facilitate some of its functions. Mishko is known to execute commands via the rundll32.exe module that is used to handle functions exported from a DLL. Rundll32.exe ships with Microsoft Windows OS and is used by legitimate programs as well. Therefore, you should not delete it. The Mishko backdoor Trojan ensures its operations on the next restart by editing autoexec.bat, which is used by Windows to run programs on boot. Additionally, Mishko may inject code into Microsoft Office and Internet Explorer. Backdoor.Mishko may store its files in the Temp folder where temporary Internet files are stored. Security investigators add that the Mishko threat can send control codes to device drivers for the keyboard, mouse, video and audio card directly. Computer users that are infected with Mishko may notice unsolicited modification to their programs and file system. You will need a trusted anti-malware tool to remove the Mishko Backdoor Trojan.