Aliases: W32/Jorik_Lethic.BBX!tr [Fortinet], TR/Kazy.150630.1 [AntiVir], Trojan.Win32.Jorik.Lethic.bbx [Kaspersky], TROJ_GEN.RCBH1CC, Troj_Generic.ILIWR, Worm.Dorkbot, Artemis!881ED1391F6B [McAfee], Gen:Variant.Kazy.150630, Agent4.AIDY [AVG], W32/Jorik_Lethic.BBR!tr [Fortinet], Trojan.Win32.Jorik [Ikarus], Win32/Agent.PAP, Gen:Variant.Barys.971 (B), TR/Barys.971.241 [AntiVir] and Trojan.Packed.23963 [DrWeb].

Technical Information

File System Details

Backdoor.RDPopen.B creates the following file(s):
# File Name Size MD5 Detection Count
1 %PROGRAMFILES%\StartupSlowFix\StartupSlowFix.exe 4,928,512 29acc0d91e016a41985db5e316f380fd 18
2 %LOCALAPPDATA%\CrashDumps\Best Buy pc app\aevuk.dll 212,992 b1941239be584386455b97203992f80a 11
3 %LOCALAPPDATA%1616221992012lsass.exe 233,472 2122fb72fc947e6d83c796eed4d347a6 5
4 %LOCALAPPDATA%562822192012lsasin.exe 107,008 64d29634c003c03d41c2795cff3e011d 5
5 %LOCALAPPDATA%25422026102012lsas82.exe 54,784 d74a85d67535e7a50340b4d3cf7f8dae 4
6 %LOCALAPPDATA%4822026102012lsas81.exe 54,784 2c1830fde0c2e788043b277b0c4bb7f1 4
7 %LOCALAPPDATA%224391092012lsrssrs.exe 233,472 048530dda09e28b16d8e3ca9a3558561 2
8 %WINDIR%\System32\drivers\Ambfilnt.sys 24,064 1ea99df013ae45b51a5bb46c64d5966a 1
9 %TEMP%0001b4ae.exe 193,645 80773feacf7a738762c31745274a57f1 1
10 %SystemDrive%\Users\Hope\AppData\Local\163201292012lasrrb.exe 233,472 e827c4b2ba3cced11ecb7f59accc3b14 1
11 %LOCALAPPDATA%25291725102012lsas83.exe 54,784 cb6f789a660bcb9b731cd3e88f042199 1
12 %SystemDrive%\Users\Guest\AppData\Local\954209112012lsas87.exe 54,784 b299227830dabf167856f5e436c585a9 1
13 %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\FlasshPlayerV11.1.37.18.exe 167,936 f8a97123896264751c7cc899410a6d81 1
14 %LOCALAPPDATA%10101611112012lsas81.exe 204,800 3ad4a0162c22206d33eab460b3f72feb 1
15 %LOCALAPPDATA%2411913112012lsax.exe 167,936 4f1e0b14ec5dec0a5d76dec46eb8e59b 1
16 %WINDIR%\SysWOW64\lssasr.exe 280,064 fc75e81bcd64fe2b182e7e142cac48e3 1
More files

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.