Backdoor.Win32.NewRest.bc
Backdoor.Win32.NewRest.bc is a malicious backdoor Trojan. It is designed to exploit a vulnerability in a system and open it to future access by a cyber criminal without the user's knowledge. It includes stealth-mode features common to rootkits, runs in the background, and enables remote access to the compromised system.
Aliases
Virus.Win32.Virut.ce (Kaspersky Lab)
File System Modifications
- The following files were created in the system: