Backdoor.Salgorea

By ZulaZuza in Backdoors

Backdoor.Salgorea is a backdoor Trojan that opens a back door on the corrupted PC. Backdoor.Salgorea may propagate through spam emails carrying a harmful .hta file. When run, Backdoor.Salgorea replicates itself as the malevolent files on the infected computer system. Backdoor.Salgorea creates a partially modified copy of itself to the temporary folder and runs this copy with parameter '--help'. Backdoor.Salgorea also creates the clean file and executes it. Backdoor.Salgorea then creates the schedule task files in order to run the file 'sidebar.exe' daily. Backdoor.Salgorea creates the registry entry so that it can load automatically whenever you boot up Windows. Backdoor.Salgorea also creates other registry entries.

Table of Contents

SpyHunter Detects & Remove Backdoor.Salgorea

File System Details

Backdoor.Salgorea may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%Temp%\KeePass.exe
Name: %Temp%\KeePass.exe Type: Executable File Group: Malware file
2.	%Temp%\[RANDOM FILE NAME].exe
Name: %Temp%\[RANDOM FILE NAME].exe Type: Executable File Group: Malware file
3.	%UserProfile%\Application Data\Microsoft\Windows Sidebar\sidebar.exe
Name: %UserProfile%\Application Data\Microsoft\Windows Sidebar\sidebar.exe Type: Executable File Group: Malware file
4.	%Windir%\Tasks\Sidebar_[CURRENT USER].job
Name: %Windir%\Tasks\Sidebar_[CURRENT USER].job Group: Malware file
5.	%Windir%\Tasks\Sidebar.job
Name: %Windir%\Tasks\Sidebar.job Group: Malware file
6.	%UserProfile%\Application Data\Microsoft\Windows\AeroGlass.theme
Name: %UserProfile%\Application Data\Microsoft\Windows\AeroGlass.theme Group: Malware file
7.	file.exe	d33a9365a7e71f728b993a4a3ae58335	0
Name: file.exe MD5: d33a9365a7e71f728b993a4a3ae58335 Size: 249.34 KB (249344 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: March 20, 2013
8.	file.exe	a4ae6e1cca7e1411b2dc9bf680e2b1b1	0
Name: file.exe MD5: a4ae6e1cca7e1411b2dc9bf680e2b1b1 Size: 211.45 KB (211456 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 28, 2017

Registry Details

Backdoor.Salgorea may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_CURRENT_USER\Software\Microsoft\Keyboard\"es-ec" = "[ENCODED DATA]"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBar\OemCustomTheme\"(Default)" = "%UserProfile%\Application Data\Microsoft\Windows\AeroGlass.theme"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Keyboard\"es-ec" = "[ENCODED DATA]"

HKEY_CURRENT_USER\Software\Microsoft\SideShow\Gadgets\"Language" = "[TIME OF INFECTION]"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Sidebar" = "%Temp%\[RANDOM FILE NAME].exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\UC\"SP" = "[TIME OF INFECTION]"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SideBar\OemCustomTheme\"(Default)" = "%UserProfile%\Application Data\Microsoft\Windows\AeroGlass.theme"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Backdoor.Salgorea

SpyHunter Detects & Remove Backdoor.Salgorea

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen