BKDR_PLUGX.BUT
BKDR_PLUGX.BUT is a backdoor Trojan that is distributed to the affected computer by other computer infections, specifically BKDR_PLUGX.SME. BKDR_PLUGX.BUT is a remote access tool (RAT) recognized as PlugX. BKDR_PLUGX.BUT is one of the most common malware threats used in conducting targeted attacks which are mainly directed towards Japanese government institutions. BKDR_PLUGX.BUT performs commands given by remote attackers in order to infect targeted computer systems. BKDR_PLUGX.BUT records keystrokes and active window of a victimized computer to steal confidential information.
BKDR_PLUGX.BUT connects to several domains and a C&C server to receive commands from cybercrooks for malicious activities. After installation, BKDR_PLUGX.BUT adds melevolent files. BKDR_PLUGX.BUT inserts itself into the svchost.exe process as component of its memory residency routine. BKDR_PLUGX.BUT registers its downloaded component as a system service by creating the certain registry entries and keys so that it can launch automatically whenever Windows is started.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | All Users' %User Profile%\Gf\NvSmartMax.dll | |
| 2. | {All Users' Profile}\Gf\kl.log | |
| 3. | All Users' %User Profile%\Gf\boot.ldr - detected as TROJ_PLUGX.SME | |
| 4. | All Users' %User Profile%\Gf\NvSmart.exe - a legitimate NVIDIA (NVIDIA Smart Maximise Helper Host) |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.