Backdoor:Win32/Losfondup.B Description

Type: Backdoors

Backdoor:Win32/Losfondup.B is a backdoor Trojan that enables cybercriminals to obtain full remote access and control over a compromised PC, makes changes to user system and settings accounts, and embeds itself into running processes. While being installed, Backdoor:Win32/Losfondup.B makes system changes by downloading malevolent files and making modifications to the Windows Registry. Backdoor:Win32/Losfondup.B will introduce a user account called 'Local Servlce' by purposefully misspelling 'Local Servlce', instead of 'Service', possibly to dupe attacked PC users into thinking it is a genuine Windows user account. Backdoor:Win32/Losfondup.B may be installed and launched by other malware infections. Backdoor:Win32/Losfondup.B registers itself as a geneuine component of the Windows system service 'SENS' (system even notification service) by making alterations to the registry entry. Backdoor:Win32/Losfondup.B also modifies the registry entries to make sure that its altered version of the 'SENS' service is initiated every time you start Windows. When the Windows system service SENS is launched, Backdoor:Win32/Losfondup.B is run instead of the original, legal one. To conceal its occurrence, Backdoor:Win32/Losfondup.B also fulfills the normal functions of the legal SENS service. To make that the altered version of the 'SENS' service, and, therefore, Backdoor:Win32/Losfondup.B itself, is running instead of the genuine one, Backdoor:Win32/Losfondup.B stops 'svchost.exe' and runs the commands, which initiate the changed 'SENS' service.

Technical Information

File System Details

Backdoor:Win32/Losfondup.B creates the following file(s):
# File Name MD5 Detection Count
1 ylccvty.dll N/A
2 [startup folder]\widoexe.js N/A
3 noliwutejnm.dat N/A
4 mnjetuwilon.dat N/A
5 %ALLUSERSPROFILE%\Documents\[reverse malware file name].dat N/A
6 4251f8a819c7b2999724e177b72bdbff 4251f8a819c7b2999724e177b72bdbff 0
7 ac0e2cd7093d8303cd6d3c1b703be70c ac0e2cd7093d8303cd6d3c1b703be70c 0

Registry Details

Backdoor:Win32/Losfondup.B creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SENS\Parameters "ServiceDll" = "%AllUserProfile%\Application Data\[RANDOM NAME].dat"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\COMSysApp "Start" = "0x02"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SENS "Start" = "0x02"

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.