The Winnti Trojan, first discovered in 2011, is a dangerous backdoor Trojan that can be used to carry out all kinds of attacks on the victim's computer. As of April 2013, the Winnti Trojan remains highly active around the world. There have been numerous alarming reports of infections associated with Winnti, mostly centered in Southeast Asia. In fact, in the spring of 2013 the criminals responsible for Winnti received widespread media attention due to the pervasiveness of these attacks, and in particular because of a large wave of attacks designed to steal gaming information such as online gaming account passwords and credit card information.
Backdoor.Winnti gathers its victim's confidential data and forwards it to a remote server for a malicious purpose. Backdoor.Winnti adds system files and modifies the registry so that it can run automatically each time you start your PC. If Backdoor.Winnti has infected your computer, you cannot run, update or uninstall certain software programs. Backdoor.Winnti also injects processes with malicious payloads and sets up drivers and services. Get rid of Backdoor.Winnti immediately after detection.
The Winnti Trojan can infect all editions of the Windows operating system, from Windows NT and Windows XP through Windows 7. The vast majority of Winnti attacks use the well-known CVE-2010-2883 vulnerability, a weakness in Adobe Reader. This means that Winnti can often arrive on the victim's computer as an innocuous-looking PDF file that, when opened, runs malicious code that installs the Winnti backdoor itself. Because of this, the Winnti Trojan can be distributed through various social engineering means, including misleading email messages and social media spam messages. Once installed, Winnti makes changes to the Windows Registry that allow it to run automatically at start-up, drops its own malicious files on the victim's hard drive and connects to its command and control server to receive instructions.
Winnti is a powerful backdoor Trojan that can be used to carry out numerous tasks on the infected computer. Using Winnti, criminals can remotely create files on the victim's computer, inject malicious code into running processes, make changes to driver and service settings and disable the infected computer's security (such as the Windows firewall and anti-virus software). Winnti also allows criminals to control the infected computer remotely, create or delete user accounts and steal information from the victim's computer. This makes Winnti a highly flexible malware threat that can be used for a variety of attacks. While the most recent publicized Winnti attack involves stealing information related to online gaming, the Winnti Trojan can be just as effective in other kinds of scams, such as stealing banking information or using infected computers to carry out DDoS attacks or deliver spam email.
Backdoor.Winnti typically has the following processes in memory:
Backdoor.Winnti creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\"data" = "[RANDOM CHARACTERS]"
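One way to check a host for this persistence marker offline is to scan an exported .reg file for the "data" value under the HTMLHelp key; the script below is an added example, not part of the original write-up, and the .reg text it scans is constructed (the hex type of the value is an assumption, since the write-up only says the content is random).

```python
# Scan a Windows .reg export for the Backdoor.Winnti HTMLHelp "data" marker.
# Parsing an export rather than the live registry keeps the check offline.

# Constructed sample .reg export (not from a real host): the first key carries
# a "data" value of the shape described; the second is an ordinary subkey.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp]
"data"=hex:4d,5a,90,00,03,00,00,00,\
  04,00,00,00,ff,ff,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x]
"Language"=dword:00000409
"""

WINNTI_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp"
WINNTI_VALUE = "data"


def parse_reg(text):
    """Parse the subset of the .reg format needed here: [key] headers and
    "name"=data lines, joining backslash-continued hex lines.
    Key paths are lower-cased because the registry is case-insensitive."""
    keys = {}
    current = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()      # prepend any continued hex: data
        pending = ""
        if line.endswith("\\"):           # value continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            name, _, data = line.partition("=")
            keys[current][name.strip('"')] = data
    return keys


def find_winnti_marker(text):
    """Return (key, value_name, raw_data) when the HTMLHelp "data" value is
    present, else None. The HTMLHelp key itself exists on clean systems;
    only the "data" value is the indicator, whatever its content."""
    values = parse_reg(text).get(WINNTI_KEY.lower(), {})
    if WINNTI_VALUE in values:
        return (WINNTI_KEY, WINNTI_VALUE, values[WINNTI_VALUE])
    return None
```

A hit means the value exists; confirm it against the rest of the indicators above before acting, since a legitimate application could in principle write a value of the same name.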
File System Details