Backdoor:W32/Spyrat.D
Backdoor:W32/Spyrat.D is a malicious backdoor trojan that uses the vulnerabilities of the security software to spread and bypasses the normal authentication so that it couldn't be detected by users. Backdoor:W32/Spyrat.D can be installed on a machine by careless computer users when surfing the Internet or by other malware threats. Once Backdoor:W32/Spyrat.D invades a computer system, Backdoor:W32/Spyrat.D can do a lot of operations on the system, for example, infect files and programs, log keystrokes, harm PC system, steal personal information, etc. Remove Backdoor:W32/Spyrat.D from your computer as quickly as possible
before it destroys your PC and steal your private details.
File System Details
Backdoor:W32/Spyrat.D may create the following file(s):
# | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|
1. | %UserProfile%\Application Data\Microsoft\[random].exe | |
2. | doguzeri.dll | |
3. | %System Root%\Samples | |
4. | %Documents and Settings%\All Users\Application Data\Backdoor:W32/Spyrat.D | |
5. | C:\ProgramData\[random numbers]\ | |
6. | %Program Files%\Backdoor:W32/Spyrat.D | |
7. | 3948550101.cfg | |
8. | %User Profile%\Local Settings\Temp | |
9. | %Documents and Settings%\All Users\Start Menu\Programs\Backdoor:W32/Spyrat.D |
Registry Details
Backdoor:W32/Spyrat.D may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Backdoor:W32/Spyrat.D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Backdoor:W32/Spyrat.D
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Backdoor:W32/Spyrat.D"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "3948550101"
HKEY_CURRENT_USER\Software\Backdoor:W32/Spyrat.D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.