Backdoor: Win32/Hostil.F

Backdoor: Win32/Hostil.F Description

Backdoor:Win32/Hostil.F is malignant backdoor trojan infection that gets access to a computer stealthily without your permission and knowledge. Backdoor:Win32/Hostil.F tries to copy itself and connect with a remote server with the use of current network exploits. Then Backdoor:Win32/Hostil.F downloads and executes additional files. Backdoor:Win32/Hostil.F changes registry values to allow its automatic execution every time Windows starts. Moreover, Backdoor:Win32/Hostil.F is able to make changes to browser settings. Remove Backdoor:Win32/Hostil.F as quickly as possible to make your computer safe and clean.

Technical Information

File System Details

Backdoor: Win32/Hostil.F creates the following file(s):
# File Name Detection Count
1 %AppData%\oxy.exe N/A
2 %AppData%\neck10y11p61q4tk2ny0y30782708y184 N/A
3 %Templates%\neck10y11p61q4tk2ny0y30782708y184 N/A
4 %Temp%\neck10y11p61q4tk2ny0y30782708y184 N/A
5 %CommonAppData%\neck10y11p61q4tk2ny0y30782708y184 N/A

Registry Details

Backdoor: Win32/Hostil.F creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Classes\exefile\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
[HKEY_CURRENT_USER\Software\Microsoft\Windows] Identity = 0xDBFC8B3C
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command] (Default) = ""%1" %*" IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command
ctfmon.exe = "%System%\ctfmon.exe"
HKEY_CURRENT_USER\Software\Classes\exefile
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command] (Default) = ""%AppData%\oxy.exe" -a "%1" %*" IsolatedCommand = ""%1" %*"