Backdoor:W32/Spyrat.D

Backdoor:W32/Spyrat.D Description

Backdoor:W32/Spyrat.D is a malicious backdoor trojan that uses vulnerabilities in security software to spread and bypasses normal authentication so that users cannot detect it. It can be installed on a machine by careless computer users while surfing the Internet, or by other malware threats. Once Backdoor:W32/Spyrat.D invades a computer system, it can perform many operations on the system, for example infect files and programs, log keystrokes, harm the PC system, and steal personal information. Remove Backdoor:W32/Spyrat.D from your computer as quickly as possible before it destroys your PC and steals your private details.

Technical Information

File System Details

Backdoor:W32/Spyrat.D creates the following file(s):
| # | File Name | Detection Count |
|---|---|---|
| 1 | %UserProfile%\Application Data\Microsoft\[random].exe | N/A |
| 2 | doguzeri.dll | N/A |
| 3 | %System Root%\Samples | N/A |
| 4 | %Documents and Settings%\All Users\Application Data\Backdoor:W32/Spyrat.D | N/A |
| 5 | C:\ProgramData\[random numbers]\ | N/A |
| 6 | %Program Files%\Backdoor:W32/Spyrat.D | N/A |
| 7 | 3948550101.cfg | N/A |
| 8 | %User Profile%\Local Settings\Temp | N/A |
| 9 | %Documents and Settings%\All Users\Start Menu\Programs\Backdoor:W32/Spyrat.D | N/A |

Registry Details

Backdoor:W32/Spyrat.D creates the following registry entries:
Registry Key
HKEY_LOCAL_MACHINE\SOFTWARE\Backdoor:W32/Spyrat.D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Backdoor:W32/Spyrat.D
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Backdoor:W32/Spyrat.D"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "3948550101"
HKEY_CURRENT_USER\Software\Backdoor:W32/Spyrat.D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
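
Several of the registry entries listed above can be checked offline against a registry export: a Debugger value under Image File Execution Options for a security-product executable, DisableSR set to 1, WarnOnHTTPSToHTTPRedirect set to 0, and the "3948550101" Run value. The script below is an added example, not part of the original write-up; the function names, the constructed sample export and the assumption that the input is .reg (version 5) text already decoded to a string are all illustrative.

```python
import re

# Indicators copied from the registry list above; keys are compared case-insensitively.
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
AV_IMAGES = {"msmpeng.exe", "ekrn.exe", "msseces.exe", "msascui.exe"}
VALUE_RULES = [  # (key suffix, value name, data listed on the page)
    (r"\microsoft\windows nt\currentversion\systemrestore", "disablesr", "1"),
    (r"\microsoft\windows\currentversion\internet settings", "warnonhttpstohttpredirect", "0"),
]
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_NAME = "3948550101"

# Constructed sample export (not from a real host); notepad.exe is a benign control.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Tools\\editor.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000001
'''

def parse_reg_export(text):
    """Yield (key, value_name, data) from .reg text; DWORDs become decimal strings."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.groups()
            is_dword = raw.startswith("dword:")
            data = str(int(raw[6:], 16)) if is_dword else raw.strip('"').replace("\\\\", "\\")
            yield key, name, data

def audit(text):
    """Return the (key, value_name, data) entries that match the listed indicators."""
    hits = []
    for key, name, data in parse_reg_export(text):
        k, n = key.lower(), name.lower()
        parent, _, leaf = k.rpartition("\\")
        if ((parent == IFEO and leaf in AV_IMAGES and n == "debugger")
                or (k == RUN_KEY and n == RUN_NAME)
                or any(k.endswith(s) and n == v and data == d for s, v, d in VALUE_RULES)):
            hits.append((key, name, data))
    return hits
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `audit`.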