Backdoor.Snifula.D

Backdoor.Snifula.D Description

Backdoor.Snifula.D is a backdoor Trojan that opens a back door on the infected computer. Once executed, Backdoor.Snifula.D may modify the certain registry entry in order to disable a security alert.

Backdoor.Snifula.D may modify the certain registry entry in order to reduce Internet Explorer security settings. Backdoor.Snifula.D also creates several registry entries. Backdoor.Snifula.D may contact the specific command and control (C&C) servers using a POST request on HTTP port 80. Backdoor.Snifula.D may then receive several commands. Backdoor.Snifula.D may then try to steal cookie information as well as drop and run files from a remote location. Backdoor.Snifula.D may also steal certificates from the affected computer and transfer them to the C&C server. Backdoor.Snifula.D may then create an archive with the stolen certificates in the particular location.

Aliases

Generic31.BDBJ [AVG]W32/Papras.AF!tr [Fortinet]a variant of Win32/Kryptik.ATVJ [ESET-NOD32]Backdoor.Win32.Papras.AMN (A) [Emsisoft]Artemis!F68A1FBAB9A6 [McAfee-GW-Edition]TR/Rogue.kdv.857085 [AntiVir]Troj/Papras-AF [Sophos]Backdoor.Win32.Papras.pgz [Kaspersky]Win32:Dropper-gen [Drp] [Avast]TROJ_GEN.RCBB1BC [TrendMicro-HouseCall]

More aliases (28)

Backdoor.Snifula.D Automatic Detection Tool (Recommended)

Is your PC infected with Backdoor.Snifula.D? To safely & quickly detect Backdoor.Snifula.D, we highly recommend you run the malware scanner listed below.

Download SpyHunter's* Malware Scanner to detect Backdoor.Snifula.D What happens if Backdoor.Snifula.D does not let you open SpyHunter or blocks the Internet?

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

#	File Name	Detection Count
1	%ALLUSERSPROFILE%\ dial_isv.dll	220
2	%ALLUSERSPROFILE%\ dvdpdiag.dll	73
3	%UserProfile%\Local Settings\Temp\[16 HEXADECIMAL CHARACTERS].tmp	N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.

The following newly produced Registry Values are:
HKEY..\..\{Value}HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\"k1" = "[HEXADECIMAL VALUE]"HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\"k2" = "[HEXADECIMAL VALUE]"HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\"s1" = "[HEXADECIMAL VALUE]"HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\"Version" = "[HEXADECIMAL VALUE]"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\"2500" = "0"HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner