Backdoor:W32/Spyrat.D
Backdoor:W32/Spyrat.D is a backdoor trojan created by hackers to remotely access the targeted computer. It can be installed by careless PC users when browsing the Internet, or dropped by other malware infections. Backdoor:W32/Spyrat.D links up to a shared drive; the infection itself consists of nothing but files. It enables attackers to remotely monitor your computer system, take over personal data, and drop and execute malicious files without your knowledge. Backdoor:W32/Spyrat.D remains on the computer and opens a backdoor that allows other malware threats to access the PC system. Remove Backdoor:W32/Spyrat.D once it is detected on a computer.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %Documents and Settings%\All Users\Application Data\Backdoor:W32/Spyrat.D |
| 2 | %Documents and Settings%\All Users\Start Menu\Programs\Backdoor:W32/Spyrat.D |
| 3 | %Program Files%\Backdoor:W32/Spyrat.D |
| 4 | %System Root%\Samples |
| 5 | %User Profile%\Local Settings\Temp |
| 6 | %UserProfile%\Application Data\Microsoft\[random].exe |
| 7 | 3948550101.cfg |
| 8 | C:\ProgramData\[random numbers]\ |
| 9 | doguzeri.dll |
Registry Modifications
- The following newly produced Registry Values are:
  - HKEY..\..\..\..{Subkeys}
  - HKEY_CURRENT_USER\Software\Backdoor:W32/Spyrat.D
  - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
  - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Backdoor:W32/Spyrat.D"
  - HKEY_LOCAL_MACHINE\SOFTWARE\Backdoor:W32/Spyrat.D
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "3948550101"
  - HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
  - Backdoor:W32/Spyrat.D
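A check for the registry values listed above, as an added example (not code from the original page): it parses text in `reg export` format and reports entries that match the listed Image File Execution Options `Debugger`, `DisableSR`, `WarnOnHTTPSToHTTPRedirect` and `Run` values. The sample export is constructed, and the names `parse_reg` and `find_hits` are hypothetical.

```python
import re

HKLM, HKCU = "hkey_local_machine\\software\\", "hkey_current_user\\software\\"
IFEO = HKLM + r"microsoft\windows nt\currentversion\image file execution options" + "\\"
INET = r"microsoft\windows\currentversion\internet settings"
# (key, value name) -> expected data, taken from the registry list above; None = any data.
INDICATORS = {(IFEO + exe, "debugger"): "svchost.exe"
              for exe in ("ekrn.exe", "msascui.exe", "msmpeng.exe", "msseces.exe")}
INDICATORS.update({
    (HKLM + r"microsoft\windows nt\currentversion\systemrestore", "disablesr"): "1",
    (HKCU + INET, "warnonhttpstohttpredirect"): "0",
    (HKLM + INET, "warnonhttpstohttpredirect"): "0",
    (HKLM + r"microsoft\windows\currentversion\run", "3948550101"): None,
})

def parse_reg(text):
    """Yield (key, name, data), lower-cased; dword values become decimal strings."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            name, raw = m.group(1).strip().lower(), m.group(2)
            data = (str(int(raw[6:], 16)) if raw.startswith("dword:")
                    else raw.strip('"').replace("\\\\", "\\").lower())
            yield key, name, data

def find_hits(text):
    """Return entries matching a listed indicator (data compared by file name)."""
    return [(k, n, d) for k, n, d in parse_reg(text)
            if (k, n) in INDICATORS
            and INDICATORS[(k, n)] in (None, d.rsplit("\\", 1)[-1])]

# Constructed sample in .reg format (real exports are UTF-16; decode before parsing).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Tools\\dbg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000001
'''

if __name__ == "__main__":
    print(*find_hits(SAMPLE), sep="\n")
```

On the constructed sample only the `msmpeng.exe` debugger entry and `DisableSR` are reported; the unrelated `notepad.exe` debugger and the redirect warning left at `1` are not.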