BackDoor-CEP!yo

Posted: June 11, 2010

BackDoor-CEP!yo is a malicious Trojan that gives hackers remote access to, and control of, a compromised computer. BackDoor-CEP!yo may spread and infect computers when a user manually executes an infected file. The corrupt file will create security risks on the computer. Remove BackDoor-CEP!yo immediately using an effective malware remover.

Aliases

Backdoor.Win32.Bifrose.bvul
W32/Smalldoor.MMKO
Backdoor.Win32.Bifrose.425984

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Local Settings\Temp\UuU.uUu
    2 %UserProfile%\Local Settings\Temp\XxX.xXx
    3 %WinDir%\system32\update
    4 %WinDir%\system32\update\server.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_USERS\S-1-[Varies]\Software\Microsoft\Visual Basic
    HKEY_USERS\S-1-[Varies]\Software\Microsoft\Visual Basic\6.0
    HKEY_USERS\S-1-[Varies]\Software\expl
    [HKEY_USERS\S-1-[Varies]\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\]
    [HKEY_USERS\S-1-[Varies]\Software\Microsoft\Windows\CurrentVersion\Run\]
    HKEY..\..\..\..{RegistryKeys}
    FirstExecution = "Date Of Execution"
    HKCU = "%WinDir%\system32\update\server.exe"
    HKLM = "%WinDir%\system32\update\server.exe"
    NewIdentification= "expl"
    Policies = "%WinDir%\system32\update\server.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\]