Backdoor.Pestic
Backdoor.Pestic is a backdoor trojan that gives a remote attacker access to the targeted computer through the backdoor ports it opens. Backdoor.Pestic hides its presence on the system by injecting itself into a legitimate Windows process. It also modifies the registry so that it runs automatically each time Windows starts.
File System Modifications
- The following files were created in the system:
  - C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\H64DATA.dtd
  - C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\Local.dtd
  - C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\S32DATA.dtd
  - C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\swfupdate.dll
  - C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\Ui.dtd
  - C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\USTemp.dtd
  - C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\UTemp.dtd
Registry Modifications
- The following newly produced Registry Subkeys and Values are:
  - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{003541A1-3BC0-1B1C-AAF3-040114001C01}
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"SwUpdate" = "7B 00 30 00 30 00 33 00 35 00 34 00 31 00 41 00 31 00 2D 00 33 00 42 00 43 00 30 00 2D 00 31 00 42 00 31 00 43 00 2D 00 41 00 41 00 46 00 33 00 2D 00 30 00 34 00 30 00 31 00 31 00 34 00 30 00 30 00 31 00 43 00 30 00 31 00 7D 00"
- The following newly produced Registry Keys are:
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe: "explorer.exe:*:Enabled:Microsoft Windows Explorer"
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:\WINDOWS\system32\lsass.exe: "C:\WINDOWS\system32\lsass.exe:*:Enabled:LSA Shell"
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\[ORIGINAL FILE NAME].exe: "[ORIGINAL FILE NAME].exe:*:Enabled:Application Layer Gateway Service"
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe: "explorer.exe:*:Enabled:Microsoft Windows Explorer"
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\lsass.exe: "C:\WINDOWS\system32\lsass.exe:*:Enabled:LSA Shell"
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\[ORIGINAL FILE NAME].exe: "[ORIGINAL FILE NAME].exe:*:Enabled:Application Layer Gateway Service"
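As an added example (not code from this page or from any vendor tool), the Python script below triages the two persistence artifacts listed above offline: it decodes the REG_BINARY ShellServiceObjectDelayLoad (SSODL) data to the CLSID it loads, which matches the CLSID subkey the trojan creates, and parses the Windows Firewall AuthorizedApplications entries to flag exceptions granted to injection hosts or mislabelled with another service's description. The SSODL baseline, the description-to-binary map and the WebCheck entry are assumptions to tune per image; the registry text is constructed from the values on this page.

```python
import re
# Assumed baseline of SSODL value names on a stock Windows XP image; tune per build.
SSODL_BASELINE = {"PostBootReminder", "CDBurn", "WebCheck", "SysTray"}
# Assumed map from a firewall-exception description to the binary that owns it.
DESCRIPTION_OWNER = {"Application Layer Gateway Service": "alg.exe", "LSA Shell": "lsass.exe",
                     "Microsoft Windows Explorer": "explorer.exe"}
# Injection hosts named on the page; neither needs an inbound allow rule of its own.
INJECTION_HOSTS = {"lsass.exe", "explorer.exe"}
CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)

# Constructed sample: SSODL name -> REG_BINARY hex (WebCheck stock, SwUpdate from the page).
SAMPLE_SSODL = {
    "WebCheck": "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}".encode("utf-16-le").hex(" "),
    "SwUpdate": "7B 00 30 00 30 00 33 00 35 00 34 00 31 00 41 00 31 00 2D 00 33 00 "
                "42 00 43 00 30 00 2D 00 31 00 42 00 31 00 43 00 2D 00 41 00 41 00 "
                "46 00 33 00 2D 00 30 00 34 00 30 00 31 00 31 00 34 00 30 00 30 00 "
                "31 00 43 00 30 00 31 00 7D 00",
}
# Constructed sample: AuthorizedApplications\List values (alg.exe is a benign control).
SAMPLE_FIREWALL = [
    r"C:\WINDOWS\system32\alg.exe:*:Enabled:Application Layer Gateway Service",
    r"explorer.exe:*:Enabled:Microsoft Windows Explorer",
    r"C:\WINDOWS\system32\lsass.exe:*:Enabled:LSA Shell",
    r"[ORIGINAL FILE NAME].exe:*:Enabled:Application Layer Gateway Service",
]

def decode_ssodl(hex_text):
    """SSODL data is a UTF-16LE CLSID string stored as REG_BINARY; decode it."""
    return bytes.fromhex(hex_text).decode("utf-16-le").rstrip("\x00")

def audit_ssodl(values):
    """Return (name, clsid) for non-baseline SSODL values that load a CLSID."""
    hits = []
    for name, data in values.items():
        clsid = decode_ssodl(data)
        if name not in SSODL_BASELINE and CLSID_RE.match(clsid):
            hits.append((name, clsid))
    return hits

def audit_firewall(entries):
    """Entries are 'path:scope:Enabled:description'. Flag enabled exceptions for
    injection hosts and any whose description belongs to a different binary."""
    hits = []
    for entry in entries:
        path, _scope, state, desc = entry.rsplit(":", 3)
        exe = path.rsplit("\\", 1)[-1]
        owner = DESCRIPTION_OWNER.get(desc)
        if state == "Enabled" and (exe.lower() in INJECTION_HOSTS or (owner and owner != exe.lower())):
            hits.append((exe, desc))
    return hits
```

On a live host the same two functions can be fed the output of `reg export` for the SSODL and FirewallPolicy keys; the decoded CLSID should be cross-checked against the InprocServer32 path under HKLM\SOFTWARE\Classes\CLSID.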