Trojan.Begseabug

By JubileeX in Trojans

Threat Scorecard

Threat Level:	80 % (High)
Infected Computers:	11

First Seen:	February 28, 2016
Last Seen:	February 26, 2023
OS(es) Affected:	Windows

Trojan.Begseabug is a malignant computer trojan that drops more malware threats onto the infected computer system. Trojan.Begseabug also drops and executes harmful files onto the affected computer. Once installed, Trojan.Begseabug creates certain dangerous registry entries to allow its automatic execution every time Windows boots up. Trojan.Begseabug prevents security-related applications from running by disabling security service. Remove Trojan.Begseabug as quickly as possible to secure your computer.

File System Details

Trojan.Begseabug may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%Temp%\IXP000.TMP\Setup4.exe
Name: %Temp%\IXP000.TMP\Setup4.exe Type: Executable File Group: Malware file
2.	%System%\[RANDOM CHARACTERS].exe
Name: %System%\[RANDOM CHARACTERS].exe Type: Executable File Group: Malware file
3.	%Temp%\IXP001.TMP\Setup8.exe
Name: %Temp%\IXP001.TMP\Setup8.exe Type: Executable File Group: Malware file
4.	%Temp%\IXP001.TMP\QVODSE~1.EXE
Name: %Temp%\IXP001.TMP\QVODSE~1.EXE Type: Executable File Group: Malware file
5.	%Temp%\IXP001.TMP\Setup4.exe
Name: %Temp%\IXP001.TMP\Setup4.exe Type: Executable File Group: Malware file
6.	%Temp%\IXP000.TMP\Setup8.exe
Name: %Temp%\IXP000.TMP\Setup8.exe Type: Executable File Group: Malware file
7.	%System%\system.exe
Name: %System%\system.exe Type: Executable File Group: Malware file
8.	%Temp%\1.tmp
Name: %Temp%\1.tmp Type: Temporary File Group: Malware file

Registry Details

Trojan.Begseabug may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp%\IXP000.TMP\Setup8.exe" = "%Temp%\IXP000.TMP\Setup8.exe:*:Enabled:QVOD"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp%\IXP000.TMP\Setup4.exe" = "%Temp%\IXP000.TMP\Setup4.exe:*:Enabled:QVOD"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp \IXP001.TMP\Setup4.exe" = "%Temp%\IXP001.TMP\Setup4.exe:*:Enabled:QVOD"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 \"%Temp%\IXP000.TMP\\""

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"wextract_cleanup1" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 \"%Temp%\IXP001.TMP\\""

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp%\IXP001.TMP\Setup8.exe" = "%Temp%\IXP001.TMP\Setup8.exe:*:Enabled:QVOD"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"system" = "%System%\system.exe"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan.Begseabug

Threat Scorecard

EnigmaSoft Threat Scorecard

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen