Backdoor.LegMir.BZ
Backdoor.LegMir.BZ is a backdoor Trojan that installs itself as a legitimate program and copies itself under various names to various locations on the infected machine. It may open a port and give hackers unauthorized access. It can also capture passwords and send the stolen information to hackers. Backdoor.LegMir.BZ has all the characteristics of a security risk and should be removed immediately to disinfect the system.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %System%\dllcache\doc.pif |
| 2 | %System%\dllcache\Interop.MessengerAPI.dll |
| 3 | %System%\dllcache\myporn.scr |
| 4 | %System%\dllcache\recycled.exe |
| 5 | %System%\dllcache\stub.exe |
| 6 | %System%\dllcache\temp.exe |
| 7 | %System%\dllcache\tmp.exe |
| 8 | %System%\drivers\Interop.MessengerAPI.dll |
| 9 | %System%\drivers\stub.exe |
| 10 | %System%\drivers\svchost.exe |
| 11 | %System%\drivers\tmpp.exe |
| 12 | %System%\temp.exe |
| 13 | %System%\wbem\Performance\WmiApRpl_new.ini |
| 14 | c:\RECYCLER\S-1-5-21-8749679017-0950430147-468708784-3200\recycler.scr |
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
[HKEY_CURRENT_USER\Software\Microsoft\OLE]
[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security]
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security]
[HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security]
[HKEY_CURRENT_USER\Software\TACO]
[HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]