Backdoor.Nineblog Description

Backdoor.Nineblog is a backdoor Trojan that opens a back door on the corrupted PC. Once run, Backdoor.Nineblog creates the infected files. Backdoor.Nineblog also creates the registry entry so that it can run automatically every time the PC user starts Windows. Backdoor.Nineblog contacts the specific remote location. Backdoor.Nineblog transmits the specific information such as the Host name and the list of running processes to the remote location. Backdoor.Nineblog then opens a back door and may drop and execute other Visual Basic scripts on the corrupted PC.

Technical Information

Registry Details

Backdoor.Nineblog creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft-Windows-DiskCleaner\"wscript.exe" = "%DriveLetter%\Documents and Settings\Administrator\Application Data\RECYCLER\Microsoft-Windows-DiskCleaner.vbe"

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.