Backdoor: Win32/Hostil.F Description
Backdoor:Win32/Hostil.F is malignant backdoor trojan infection that gets access to a computer stealthily without your permission and knowledge. Backdoor:Win32/Hostil.F tries to copy itself and connect with a remote server with the use of current network exploits. Then Backdoor:Win32/Hostil.F downloads and executes additional files. Backdoor:Win32/Hostil.F changes registry values to allow its automatic execution every time Windows starts. Moreover, Backdoor:Win32/Hostil.F is able to make changes to browser settings. Remove Backdoor:Win32/Hostil.F as quickly as possible to make your computer safe and clean.
Technical Information
File System Details
Backdoor: Win32/Hostil.F creates the following file(s):
| # | File Name | Detection Count |
|---|---|---|
| 1 | %AppData%\oxy.exe | N/A |
| 2 | %AppData%\neck10y11p61q4tk2ny0y30782708y184 | N/A |
| 3 | %Templates%\neck10y11p61q4tk2ny0y30782708y184 | N/A |
| 4 | %Temp%\neck10y11p61q4tk2ny0y30782708y184 | N/A |
| 5 | %CommonAppData%\neck10y11p61q4tk2ny0y30782708y184 | N/A |
Registry Details
Backdoor: Win32/Hostil.F creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Classes\exefile\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
[HKEY_CURRENT_USER\Software\Microsoft\Windows] Identity = 0xDBFC8B3C
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command] (Default) = ""%1" %*" IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command
ctfmon.exe = "%System%\ctfmon.exe"
HKEY_CURRENT_USER\Software\Classes\exefile
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command] (Default) = ""%AppData%\oxy.exe" -a "%1" %*" IsolatedCommand = ""%1" %*"