Backdoor.Cimuz

Posted: July 21, 2011

Backdoor.Cimuz is a backdoor Trojan that may give a remote attacker unauthorized access to the infected PC. It steals personal data such as user names and passwords through its keylogging capability, and it also collects system information: operating system version, system folder, processor speed, upload folder and system uptime. Backdoor.Cimuz can run itself when Windows starts by placing an entry in the registry, and it can install itself as a Layered Service Provider (LSP). The backdoor it opens on the compromised computer is able to intercept user names and passwords. You should remove Backdoor.Cimuz from your computer to keep your PC away from danger.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\[RANDOM ALPHANUMERIC CHARACTERS].tbl
    2 %System%\c_20870.nls
    3 %System%\msafd[TWO RANDOM NUMBERS].dll
    4 %Temp%\~[RANDOM ALPHANUMERIC CHARACTERS].tmp

Registry Modifications

  • The following Registry values were created:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\mswsock32\"PathName" = "C:\WINDOWS\system32\msafd[TWO RANDOM NUMBERS].dll"
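
An added example, not part of the original entry: a Python triage check that matches a host's file listing and WinSock2 registry values against the indicators listed above. It assumes %System% resolves to a system32 folder, %Temp% to a folder named Temp, and "[TWO RANDOM NUMBERS]" means two decimal digits; the function names and sample data are constructed for illustration.

```python
import ntpath
import re

# Rules built from the file indicators listed in this entry.
# Assumptions: %System% = ...\system32, %Temp% = a folder named Temp,
# "[TWO RANDOM NUMBERS]" = two decimal digits.
FILE_RULES = [
    ("lsp_dll",   "system32", re.compile(r"msafd\d{2}\.dll")),
    ("nls_file",  "system32", re.compile(r"c_20870\.nls")),
    ("tbl_file",  "system32", re.compile(r"[a-z0-9]+\.tbl")),
    ("temp_file", "temp",     re.compile(r"~[a-z0-9]+\.tmp")),
]
LSP_KEY = r"hkey_local_machine\system\currentcontrolset\services\winsock2\mswsock32"

def match_file(path):
    """Return the name of the rule a Windows path matches, or None."""
    folder, name = ntpath.split(path.lower())
    for rule, parent, pattern in FILE_RULES:
        if ntpath.basename(folder) == parent and pattern.fullmatch(name):
            return rule
    return None

def match_registry(key, value_name, data):
    """True when the WinSock2 PathName value points at an msafdNN.dll."""
    if key.lower().rstrip("\\") != LSP_KEY or value_name.lower() != "pathname":
        return False
    return match_file(data.strip('"')) == "lsp_dll"

def triage(paths, registry_values):
    """Collect hits. Generic *.tbl and ~*.tmp names alone do not flag a host;
    the LSP DLL name or the registry value pointing at it does."""
    hits = sorted({rule for rule in map(match_file, paths) if rule})
    reg_hit = any(match_registry(*value) for value in registry_values)
    return {"file_hits": hits, "registry_hit": reg_hit,
            "suspect": reg_hit or "lsp_dll" in hits}

# Constructed sample data (not taken from a real host).
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\msafd47.dll",
    r"C:\WINDOWS\system32\msafd.dll",  # no two-digit suffix, so not matched
    r"C:\WINDOWS\system32\c_20870.nls",
    r"C:\Documents and Settings\user\Local Settings\Temp\~a1b2c3.tmp",
]
SAMPLE_REG = [(r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\mswsock32",
               "PathName", r"C:\WINDOWS\system32\msafd47.dll")]

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_REG))
```
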