Backdoor:Win32/RDPopen


By Sumo3000 in Backdoors

Threat Scorecard

Ranking: 18,589
Threat Level: 60 % (Medium)
Infected Computers: 1,604
First Seen: January 14, 2013
Last Seen: February 10, 2024
OS(es) Affected: Windows

Backdoor:Win32/RDPopen is a backdoor Trojan that gives a remote cybercriminal full access to and control over the targeted PC. It opens a connection to an unidentified remote location, which the cybercriminal can use to carry out various harmful activities on the affected PC and to drop additional malicious files that cause further harm.

When executed, Backdoor:Win32/RDPopen drops copies of its harmful file into various folders and system directories. It then creates several registry entries so that it runs automatically every time Windows starts, and it modifies the Windows Registry to bypass Windows Firewall so that its traffic is permitted over the existing network.

Backdoor:Win32/RDPopen can steal personal information from the affected PC. It also prevents PC users from running some applications, including security tools, on the infected computer.


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Panda Trj/Agent.MIZ
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C
AntiVir TR/Ransom.122880.12
Kaspersky Trojan-Ransom.Win32.Blocker.ajhe
Fortinet W32/Kryptik.AB!tr
AntiVir TR/Cridex.EB.27
Kaspersky Trojan-Dropper.Win32.Dapato.bnue
McAfee PWS-Zbot.gen.yl
Fortinet Adware/Bromngr
Ikarus not-a-virus:AdWare.Win32.SuspectCRC
AhnLab-V3 Adware/Win32.Bromngr
DrWeb Adware.BGuard.7
Sophos BProtector
Panda Trj/Genetic.gen
AVG Generic_r.BRJ

File System Details

Backdoor:Win32/RDPopen may create the following file(s):