BKDR_ANDROM.NTW is installed on a computer through a scam that distributes a malicious JavaScript Trojan in the form of a fake Java 7 update. This social engineering scam is highly effective because Zero Day vulnerabilities in the latest version of Java have received a lot of attention in the news. This has led many computer users to seek out and download updates for their computer and Java Runtime Environment. Unfortunately, criminals have taken advantage of this development by carrying out numerous social engineering scams that involve fake updates for Java in the form of malicious JAR files. This, in turn, results in the installation of BKDR_ANDROM.NTW on the victim's computer. BKDR_ANDROM.NTW is a backdoor Trojan that allows the installation of the Andromeda bot on the victim's computer. This allows criminals to take over the infected computer and use it as part of the infamous Andromeda botnet.

Once installed, BKDR_ANDROM.NTW opens a hole in the security of the victim's computer. This opening, known as a backdoor, allows criminals to install malware or steal information from the infected computer without alerting the infected computer's security software. Backdoor Trojans are the main way in which other attacks involving data theft or the installation of other malware (such as bitcoin miners or rogue security software) are carried out. The payload of a BKDR_ANDROM.NTW attack allows criminals to take over the infected computer in order to use it in additional malware attacks, send out spam email or carry out other kinds of attacks that rely on thousands of coordinated infected computers. It is important to understand that the presence of the BKDR_ANDROM.NTW Trojan on a computer indicates a severe threat to that computer's security and should be followed by immediate action involving a reliable anti-malware application.

Preventing Malware Attacks Associated with BKDR_ANDROM.NTW

The best way to prevent BKDR_ANDROM.NTW infections is to disable Java entirely, especially in the wake of the Zero Day vulnerabilities reported in the media. Trojan droppers associated with BKDR_ANDROM.NTW use malicious JavaScript files disguised as updates for Java. It is also recommended that you ensure your computer is protected with a reliable anti-malware scanner obtained from a trustworthy source (preferably, directly from the manufacturer). This, coupled with safe browsing practices, should protect you and your data from a BKDR_ANDROM.NTW attack and other forms of malware.

Technical Information

File System Details

BKDR_ANDROM.NTW creates the following file(s):

 #   File Name                                                                                        Size     MD5
 1   up2.exe
 2   up1.exe
 3   %System Root%\Documents and Settings\All Users\svchost.exe
 4   javaupdate11.jar
 6   %System Root%\Documents and Settings\All Users\Local Settings\Temp\ms[RANDOM CHARACTERS].[EXTENSION NAME]
 7   javaupdate11.class
 8   8392bc354d99ecacc71370d6bd4550a9                                                                 35,416   8392bc354d99ecacc71370d6bd4550a9

Registry Details

BKDR_ANDROM.NTW creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched = "%System Root%\Documents and Settings\All Users\svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\WindowsLoad = "%User Temp%\ms[RANDOM CHARACTERS].[EXTENSION NAME]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run [RANDOM NUMBER] = "%System Root%\Documents and Settings\All
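The registry and file indicators above can be turned into a simple triage check. The following script is an added example written for this article, not code from the page or from Enigmasoftware: it parses a .reg-style export of the autorun keys listed above (the sample export is constructed for illustration) and flags the three persistence entries the page describes, plus a helper that compares a file's MD5 against the hash in the File System Details table. The key paths, value names and hash come from the page; the function names, the sample data and the "legitimate" ctfmon.exe entry are assumptions made for the example.

```python
"""Triage helper for the BKDR_ANDROM.NTW indicators listed in this article.

Added example (not the page's own code). Parses a .reg-style export of the
autorun keys named above and flags entries matching the page's indicators.
"""
import hashlib
import re

# MD5 listed in the page's File System Details table.
KNOWN_MD5 = {"8392bc354d99ecacc71370d6bd4550a9"}

# Registry locations taken from the page's Registry Details section.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
POLICY_RUN_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
                  r"\policies\Explorer\Run")
WINNT_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion"

# File paths from the page: svchost.exe dropped under the All Users profile
# and ms<random>.<ext> in a Temp directory, as case-insensitive patterns.
ALL_USERS_SVCHOST = re.compile(r"\\documents and settings\\all users\\svchost\.exe$", re.I)
TEMP_MS_FILE = re.compile(r"\\local settings\\temp\\ms[^\\]*\.[^\\.]+$", re.I)

_VALUE_LINE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg(text):
    """Yield (key, value_name, data) from a .reg export.

    Only string values written as "name"="data" are handled; the .reg
    escaping of backslashes and double quotes is undone.
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_LINE.match(line)
        if key and m:
            data = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
            yield key, m.group(1), data


def check_autorun(key, name, data):
    """Return a reason string if the entry matches a page indicator, else None."""
    k, n = key.lower(), name.lower()
    if k == RUN_KEY.lower() and n == "sunjavaupdatesched" and ALL_USERS_SVCHOST.search(data):
        # The genuine Java updater uses this value name, but never launches
        # a copy of svchost.exe from the All Users profile directory.
        return "Run\\SunJavaUpdateSched launches svchost.exe from All Users"
    if k == WINNT_KEY.lower() and n == "windowsload" and TEMP_MS_FILE.search(data):
        return "WindowsLoad value launches ms*.* from a Temp directory"
    if k == POLICY_RUN_KEY.lower() and n.isdigit() and "\\all users\\" in data.lower():
        return "numeric policies\\Explorer\\Run value pointing into All Users"
    return None


def scan_reg_export(text):
    """Return [(key, name, data, reason)] for every flagged autorun entry."""
    hits = []
    for key, name, data in parse_reg(text):
        reason = check_autorun(key, name, data)
        if reason:
            hits.append((key, name, data, reason))
    return hits


def file_hash_known(content):
    """True if the MD5 of `content` (bytes) is the hash listed on the page."""
    return hashlib.md5(content).hexdigest() in KNOWN_MD5


# Constructed sample export: two malicious-looking entries plus one benign one.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Documents and Settings\\All Users\\svchost.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion]
"WindowsLoad"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\msabcd12.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"1234"="C:\\Documents and Settings\\All Users\\svchost.exe"
'''

if __name__ == "__main__":
    for key, name, data, reason in scan_reg_export(SAMPLE_EXPORT):
        print(f"[!] {reason}\n    {key}\\{name} = {data}")
```

On a live system the same checks can be run against `reg export` output of the three keys; the value-name and path conditions are combined deliberately, because `SunJavaUpdateSched` on its own is the legitimate Java updater's entry and would otherwise produce a false positive on every machine with Java installed.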

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
