Backdoor.Refpron

Backdoor.Refpron Description

Backdoor.Refpron (referred to as Backdoor:Win32/Refpron.M by Sophos) is a backdoor Trojan that gives an unauthorized user remote access to, and in some cases complete control of, a victim's system. Backdoor.Refpron therefore places any personal and financial data on the system at great risk of being stolen, and files may be uploaded to, downloaded from, or deleted from the hard drive. Computer security and stability may be degraded further because Backdoor.Refpron can download other malicious applications.

Aliases: Trj/Refpron.AI [Panda], Heuristic.LooksLike.Win32.NewMalware.I [McAfee-GW-Edition], Trojan.Packed.20070 [DrWeb], Gen:Trojan.VB.Refpron.1 [BitDefender], Win32:Malware-gen [Avast], Worm/MsnBot.217088 [AntiVir], Malware/Win32.Generic [AhnLab-V3], Trojan.Win32.Generic.51F2838A, Packed.Win32.Koblu.c [Kaspersky], Win32:Delf-MZE [Avast], Trojan.Win32.Generic!BT [Sunbelt], Mal/Refpron-B [Sophos], a variant of Win32/Refpron.BC [NOD32], Heuristic.LooksLike.Trojan.Agent.H [McAfee-GW-Edition] and Refpron.gen.i [McAfee].

Technical Information

File System Details

Backdoor.Refpron creates the following file(s):
