Backdoor.Graybird!rem
Backdoor.Graybird!rem is a malicious Trojan horse or bot that may pose a security risk to the compromised system or its network environment. Backdoor.Graybird!rem contains a potentially unwanted adware program designed to deliver various advertisements to users' systems. Another program downloads files to the local computer that may pose a security risk. Backdoor.Graybird!rem also allows remote access to the compromised system and comes armed with a keylogger program that can capture all user keystrokes, including confidential details such as usernames, passwords and credit card numbers. Remove Backdoor.Graybird!rem immediately, before it starts wreaking havoc on your system.
Aliases
Backdoor.Win32.Hupigon.dkwt (Kaspersky Lab)
BackDoor-AWQ.b.gen.w (McAfee)
TROJ_DOWQUE.NY (Trend Micro)
TrojanDropper:Win32/Dowque.A (Microsoft)
Backdoor.Win32.HacDef.073.B (Ikarus)
Win-Trojan/Hupigon.1484220 (AhnLab)
File System Modifications
- The following files were created in the system:
#   File Name
1   %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn1.exe.EXE
2   %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn2.exe.EXE
3   %ProgramFiles%\Internet Explorer\Connection Wizard\icwrmind.exe.EXE
4   %ProgramFiles%\Internet Explorer\Connection Wizard\icwtutor.exe.EXE
5   %ProgramFiles%\Internet Explorer\Connection Wizard\inetwiz.exe.EXE
6   %ProgramFiles%\Internet Explorer\Connection Wizard\isignup.exe.EXE
7   %ProgramFiles%\Internet Explorer\iedw.exe.EXE
8   %ProgramFiles%\Internet Explorer\IEXPLORE.EXE.EXE
9   %ProgramFiles%\Messenger\msmsgs.exe.EXE
10  %ProgramFiles%\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe.EXE
11  %ProgramFiles%\MSN\MSNCoreFiles\Install\msnsusii.exe.EXE
12  %ProgramFiles%\MSN\MSNIA\msniasvc.exe.EXE
13  %ProgramFiles%\MSN\MsnInstaller\msninst.exe.EXE
14  %ProgramFiles%\MTEJRQEZOX.exe.EXE
15  %ProgramFiles%\RLWGXH\FORSDS.exe
16  %ProgramFiles%\VROTLN3\LVL5VFVX.exe
17  %Temp%\3.exe
18  %Windir%\CGVGZIY.exe
19  %Windir%\GNOTAS5Z.exe
20  [pathname with a string SHARE]\DW20.EXE.EXE
21  [pathname with a string SHARE]\DWTRIG20.EXE.EXE
22  [pathname with a string SHARE]\MSINF16H.EXE.EXE
23  [pathname with a string SHARE]\msinfo32.exe.EXE
24  [pathname with a string SHARE]\sapisvr.exe.EXE
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]