Backdoor:Win32/Smadow

Backdoor:Win32/Smadow Description

What Is the Backdoor:Win32/Smadow Trojan?

The Backdoor:Win32/Smadow Trojan is a malware infection that belongs to the category known as "backdoor Trojans." Unlike viruses and worms, Trojans cannot replicate and spread on their own. Trojan horses, or Trojans for short, act like their namesake: they are disguised as harmless or even necessary files, and are often downloaded and installed inadvertently by users who do not know their true nature. Backdoor Trojans like the Backdoor:Win32/Smadow Trojan are specifically engineered to establish a "backdoor" on the infected computer system, that is, an easily exploitable hole in the infected computer's security. A hacker can use this backdoor to install additional malware on the infected computer. The Backdoor:Win32/Smadow Trojan has many variants, which are typically used to download and display advertisements. However, the Backdoor:Win32/Smadow Trojan can also be used to install other kinds of malware.
 

What Does the Backdoor:Win32/Smadow Trojan Do?

The Backdoor:Win32/Smadow Trojan has three main functions:

  1. It opens a port that allows communication to and from the infected computer system.
  2. It establishes a connection with a remote server and attempts to download files from that source.
  3. It installs and runs the files it downloaded.

The effects of the Backdoor:Win32/Smadow Trojan vary greatly and depend entirely on what kind of malware was installed. Most variants of the Backdoor:Win32/Smadow Trojan are used to install adware. This kind of malware typically spies on a computer user's online activity and displays advertisements based on this information. Adware infections are often gateways that lead to more severe problems down the road, because the advertisements displayed by adware will often contain Trojans and other malware.
 

The Backdoor:Win32/Smadow Trojan Allows a Hacker To Take Over Your Computer

One of the most dangerous outcomes of a Backdoor:Win32/Smadow Trojan infection takes place when a hacker uses the backdoor to install a RAT (Remote Access Tool) on the infected computer. A RAT gives a hacker complete control over the infected computer. This control can be used in a number of ways, often to commit criminal acts. Hackers can take control of thousands of infected computers simultaneously and use them to send out spam email or to overload a specific server or website. For your own and others' safety, ESG PC security researchers recommend scanning your computer regularly for malware infections.

Technical Information

File System Details

Backdoor:Win32/Smadow creates the following file(s):
#   File Name                            Detection Count
1   %ProgramFiles%\Bifrost\server.exe    N/A
2   %AppData%\addon.dat                  N/A

Registry Details

Backdoor:Win32/Smadow creates the following registry entry or registry entries:
Registry Key
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836} stubpath = "%ProgramFiles%\Bifrost\server.exe s"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9E095928-E6B5-E94F-5F29-01F0A98177D9}
HKEY_CURRENT_USER\Software\Bifrost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9E095928-E6B5-E94F-5F29-01F0A98177D9} stubpath = "%ProgramFiles%\Microsoft\system.exe s"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
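
A read-only check for the file and registry entries listed above, added here as an example (it is not part of the original page or of any vendor tool). The function name Test-SmadowIndicator is hypothetical, and a reported entry is a lead to investigate alongside a full malware scan rather than proof of infection.

```powershell
# Indicators copied from the File System Details and Registry Details lists above.
$FileIndicators = @(
    '%ProgramFiles%\Bifrost\server.exe',
    '%AppData%\addon.dat'
)
$KeyIndicators = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost',
    'HKEY_CURRENT_USER\Software\Bifrost',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo',
    'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo'
)
# Active Setup component GUID -> stubpath value the page lists for it.
$ActiveSetup = [ordered]@{
    '{9D71D88C-C598-4935-C5D1-43AA4DB90836}' = '%ProgramFiles%\Bifrost\server.exe s'
    '{9E095928-E6B5-E94F-5F29-01F0A98177D9}' = '%ProgramFiles%\Microsoft\system.exe s'
}
$ActiveSetupRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components'

# Hypothetical helper name; emits one object per indicator found on this host.
function Test-SmadowIndicator {
    foreach ($f in $FileIndicators) {
        $path = [Environment]::ExpandEnvironmentVariables($f)
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Type = 'File'; Indicator = $f; Detail = $path }
        }
    }
    foreach ($k in $KeyIndicators) {
        if (Test-Path -LiteralPath "Registry::$k") {
            [pscustomobject]@{ Type = 'RegistryKey'; Indicator = $k; Detail = 'key exists' }
        }
    }
    foreach ($guid in $ActiveSetup.Keys) {
        $key = "$ActiveSetupRoot\$guid"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # Expand variables on both sides, then compare (-eq ignores case for strings).
        $stub = [string](Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).StubPath
        $want = [Environment]::ExpandEnvironmentVariables($ActiveSetup[$guid])
        if ([Environment]::ExpandEnvironmentVariables($stub) -eq $want) {
            $detail = "stubpath matches the listed value: $stub"
        } else {
            $detail = "key exists, stubpath differs: '$stub'"
        }
        [pscustomobject]@{ Type = 'ActiveSetup'; Indicator = $guid; Detail = $detail }
    }
}

Test-SmadowIndicator | Format-Table -AutoSize -Wrap
```

On 64-bit Windows, entries written by a 32-bit process land under Program Files (x86) and the WOW6432Node registry view, so run the check from 32-bit PowerShell as well. The HKEY_CURRENT_USER and %AppData% entries are checked only for the account running the script.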