Backdoor.Revird

Backdoor.Revird Description

Backdoor.Revird is a backdoor Trojan that opens a back door on the compromised PC and aims at stealing sensitive information. When executed, Backdoor.Revird creates potentially malicious files. Backdoor.Revird registers the file '%System%\nwwwsk.dll' as a new service with the particular characteristics, so that it can run automatically every time Windows is started. Backdoor.Revird creates the service by adding entries to the registry subkey. Backdoor.Revird opens a back door on the affected computer, which allows a remote attacker to perform malicious actions that include downloading, uploading, deleting and executing files, and listing, stopping, and starting processes and services. Backdoor.Revird collects information of the attacked PC. Backdoor.Revird copies all files with the extensions such as .pdf, .ppt, .doc, .zip and .rar to the particular folder and transmits them to a predetermined remote location.

Technical Information

Registry Details

Backdoor.Revird creates the following registry entry or registry entries:
RegistryKey
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCworkstation

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.