Backdoor.Proxyier Description

Backdoor.Proxyier is a family of Trojans that includes malware such as the Claretore Trojans and several variations of the Proxyier family. Backdoor.Proxyier is a relatively recent infection, first detected in December of 2012. ESG security researchers classify any contact with Backdoor.Proxyier Trojans as a severe security risk that should be dealt with at once. According to ESG security analysts, there have been several reports of Backdoor.Proxyier infections being spread through infected music websites, particularly targeting computer users in India. While Backdoor.Proxyier Trojans may have several ways of attacking a computer system, they all share one trait: they attempt to inject themselves into running processes on the infected computer in order to monitor web browser activity and redirect the victim to URLs hosting other malware or online scams. ESG security analysts have received reports of Backdoor.Proxyier infections being spread through a file named scandsk.exe, which is disguised as a security program. In fact, this file is the Backdoor.Proxyier Trojan itself.

How the Backdoor.Proxyier Trojans Infect a Computer System

The main symptom of a Backdoor.Proxyier infection is a malicious Windows Registry entry which, posing as a 'Windows Update Center', actually causes Backdoor.Proxyier to run automatically whenever the infected computer starts up. During installation, Backdoor.Proxyier creates two files, an EXE and a TMP file, with randomly generated names; the EXE is placed in the System folder and the TMP file in the Temp folder. Backdoor.Proxyier also creates the registry entry mentioned above. Once this is done, Backdoor.Proxyier uses the TMP file in a variant of a DLL hijacking attack, attempting to copy it into every process currently running on the infected computer.

The main way in which Backdoor.Proxyier attacks is by intercepting web browser communications, monitoring the core DLL files that all web browsers use. This lets it intercept and replace links in web pages. For example, some variants of Backdoor.Proxyier have been found to replace the JavaScript used by Google advertisements in order to change the advertisements displayed on the infected computer, allowing criminals to profit from the advertising revenue. Backdoor.Proxyier can also monitor the infected computer and relay the collected information to a remote server through a 'backdoor' (an unauthorized opening) in the infected computer system's security.

Technical Information

File System Details

Backdoor.Proxyier creates the following file(s):

#  File Name   Size (bytes)  MD5
1  file.exe    463,877       43a6067f34419267d3086206683ada7a
2  _ex-08.exe  646,144       e5ba68e3ea1e15b7952e8ff8ea6f8e04
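The persistence pattern described above (a Run-key value posing as a 'Windows Update Center' that points at a random-named EXE in the System folder) and the MD5 values in the table lend themselves to a simple host triage script. The following Python is an added example written for this article, not code from the page or from any vendor; the Run-key entries it inspects are constructed, the "random name" thresholds are assumed heuristics, and only the two MD5 hashes come from the table above.

```python
import hashlib
import ntpath
import os
import re
import tempfile

# MD5 values from the article's File System Details table.
PROXYIER_MD5 = {
    "43a6067f34419267d3086206683ada7a": "file.exe",
    "e5ba68e3ea1e15b7952e8ff8ea6f8e04": "_ex-08.exe",
}

# Value name the article reports the persistence entry masquerading as.
LURE_NAMES = {"windows update center"}
VOWELS = set("aeiou")

# Constructed sample of a Run-key export: (key, value name, command line).
# "xkqzpd.exe" is invented to mimic the random-named EXE the article describes.
SAMPLE_RUN_ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Windows Update Center",
     r"C:\Windows\System32\xkqzpd.exe"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r"C:\Windows\System32\SecurityHealthSystray.exe"),
]


def looks_random(stem):
    """Crude heuristic (assumed thresholds): 5+ alphanumeric chars with under 20% vowels."""
    s = stem.lower()
    return s.isalnum() and len(s) >= 5 and sum(c in VOWELS for c in s) / len(s) < 0.2


def exe_path(command):
    """Extract the executable path from a Run-key command line, quoted or bare."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else command


def suspicious_run_entries(entries):
    """Return (key, value name, exe path, reasons) for entries matching the article's pattern."""
    findings = []
    for key, name, command in entries:
        path = exe_path(command)
        folder = ntpath.dirname(path).lower()          # ntpath handles Windows paths on any OS
        stem = ntpath.splitext(ntpath.basename(path))[0]
        reasons = []
        if name.strip().lower() in LURE_NAMES:
            reasons.append("value name matches the 'Windows Update Center' lure")
        if looks_random(stem) and (folder.endswith("system32") or "\\temp" in folder):
            reasons.append("random-looking executable name in the System or Temp folder")
        if reasons:
            findings.append((key, name, path, reasons))
    return findings


def md5_of_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def md5_sweep(root, known=PROXYIER_MD5):
    """Walk a directory tree; return (path, md5, label) for files whose MD5 is in `known`."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                digest = md5_of_file(full)
            except OSError:
                continue  # unreadable or vanished file: skip it rather than abort the sweep
            if digest in known:
                hits.append((full, digest, known[digest]))
    return hits


def make_demo_tree():
    """Create a temp dir holding one constructed, harmless file; return (root, its MD5)."""
    root = tempfile.mkdtemp(prefix="proxyier_demo_")
    sample = os.path.join(root, "constructed_sample.bin")
    with open(sample, "wb") as f:
        f.write(b"constructed sample content, not malware\n")
    return root, md5_of_file(sample)


if __name__ == "__main__":
    for key, name, path, reasons in suspicious_run_entries(SAMPLE_RUN_ENTRIES):
        print(f"{key}\\{name} -> {path}: {'; '.join(reasons)}")
    for path, digest, label in md5_sweep(os.environ.get("SWEEP_ROOT", ".")):
        print(f"IOC match {label} ({digest}): {path}")
```

On a real host the Run-key tuples would come from a registry export or an autoruns listing, and `SWEEP_ROOT` would point at the System and Temp folders. The name heuristic is deliberately loose and only meant to rank entries for a human to review; the hash sweep is exact but, as the article notes, the file names are randomized, so the MD5 list rather than the names is what should be matched.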
