Backdoor.Prioxer.C

Backdoor.Prioxer.C Description

Backdoor.Prioxer.C is a backdoor Trojan that opens a back door on the targeted PC. When run, it first checks that it is in a 32-bit environment and stops if it is not. It may create registry entries on the affected computer, and it may also delete registry entries. It may hijack one of the services found under a certain registry subkey. It may delete the file recorded in a specific registry entry, and it then deletes that registry entry. Backdoor.Prioxer.C opens a back door on the targeted PC and connects to specific URLs. It may then carry out potentially damaging activities such as dropping, running and managing files, gathering system information, managing system processes and registry entries, shutting down the PC and clearing the event log.

Technical Information

Registry Details

Backdoor.Prioxer.C creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\"ie" = "[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\"it" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[COMPROMISED SERVICE NAME]\"DependOnService" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\"id" = "[HEXADECIMAL NUMBER]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Btr\"Run" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\"ie"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[COMPROMISED SERVICE NAME]\"Start" = "4"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\"svcname" = "[COMPROMISED SERVICE NAME]"
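
A defender-side check for the registry entries listed above, as an added example that is not part of the original write-up: it parses the text of a `reg export` dump, reports the value names from the list, then follows `svcname` to that service's `Start` and `DependOnService` values. The sample export (including the service name `ExampleSvc`) is constructed, and the function names are hypothetical.

```python
import re

UPDATES = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates"
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
MARKER_VALUES = {"ie", "it", "id", "svcname"}  # value names listed on the page

def parse_reg(text):
    """.reg text -> {key: {value: raw_data}}; names lower-cased, hex continuations skipped."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def check_prioxer(keys):
    """Return findings; the Updates key existing on its own is not a hit."""
    upd = keys.get(UPDATES.lower(), {})
    findings = [f'{UPDATES}\\"{name}" present'
                for name in sorted(MARKER_VALUES.intersection(upd))]
    if "run" in keys.get((UPDATES + r"\Btr").lower(), {}):
        findings.append(UPDATES + r'\Btr\"Run" present')
    svc = upd.get("svcname", "").strip('"')
    if svc:  # follow the recorded service name to its Services subkey
        vals = keys.get(f"{SERVICES}\\{svc}".lower(), {})
        if vals.get("start") == "dword:00000004":  # 4 = disabled start type
            findings.append(f"service {svc}: Start = 4")
        dep = vals.get("dependonservice", "absent")  # "" or all-null multi-string
        if dep == '""' or (dep.startswith("hex(7):") and not dep[7:].strip("0,")):
            findings.append(f"service {svc}: DependOnService emptied")
    return findings

# Constructed sample export; every name and data value here is made up.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates]
"ie"="qwxz\\kdjr.exe"
"svcname"="ExampleSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Btr]
"Run"=hex:01,02
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"Start"=dword:00000004
"DependOnService"=hex(7):00,00
'''

if __name__ == "__main__":
    print("\n".join(check_prioxer(parse_reg(SAMPLE_EXPORT))))
```

`reg export` writes UTF-16 text, so read the file with `encoding="utf-16"` before passing its contents to `parse_reg`.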

More Details on Backdoor.Prioxer.C

The following URLs were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.
  • [RANDOM CHARACTERS].1.hhzstsl.com
