Backdoor: Win32/Hostil.F
Backdoor:Win32/Hostil.F is malignant backdoor trojan infection that gets access to a computer stealthily without your permission and knowledge. Backdoor:Win32/Hostil.F tries to copy itself and connect with a remote server with the use of current network exploits. Then Backdoor:Win32/Hostil.F downloads and executes additional files. Backdoor:Win32/Hostil.F changes registry values to allow its automatic execution every time Windows starts. Moreover, Backdoor:Win32/Hostil.F is able to make changes to browser settings. Remove Backdoor:Win32/Hostil.F as quickly as possible to make your computer safe and clean.
File System Details
Backdoor: Win32/Hostil.F may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %AppData%\oxy.exe | |
| 2. | %AppData%\neck10y11p61q4tk2ny0y30782708y184 | |
| 3. | %Templates%\neck10y11p61q4tk2ny0y30782708y184 | |
| 4. | %Temp%\neck10y11p61q4tk2ny0y30782708y184 | |
| 5. | %CommonAppData%\neck10y11p61q4tk2ny0y30782708y184 |
Registry Details
Backdoor: Win32/Hostil.F may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\exefile\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
[HKEY_CURRENT_USER\Software\Microsoft\Windows] Identity = 0xDBFC8B3C
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command] (Default) = ""%1" %*" IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command
ctfmon.exe = "%System%\ctfmon.exe"
HKEY_CURRENT_USER\Software\Classes\exefile
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command] (Default) = ""%AppData%\oxy.exe" -a "%1" %*" IsolatedCommand = ""%1" %*"
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.