
Backdoor.Win32.Turkojan.r

Posted: February 15, 2011

Both a danger to your PC in itself and a prelude to other possible attacks, the backdoor Trojan Backdoor.Win32.Turkojan.r should be treated as a highly urgent breach of the computer's security. Signs of infection by Backdoor.Win32.Turkojan.r include an altered Windows Registry, attacked security applications and settings, the presence of files and memory processes you don't recognize and general system slowdown. Backdoor.Win32.Turkojan.r can also enable remote attacks and corrupt running processes. To delete Backdoor.Win32.Turkojan.r, you should use reliable anti-malware applications, since the Trojan is able to hide its own memory process and may easily skirt manual deletion efforts.

The Start of Backdoor.Win32.Turkojan.r's PC Attacks

Backdoor.Win32.Turkojan.r has been observed bundled with typical criminal applications such as crypters and other programs widely distributed on illegal downloading sites. Although Backdoor.Win32.Turkojan.r may specifically target Windows XP and Windows Vista operating systems, an infection still requires that you download Backdoor.Win32.Turkojan.r itself, a program bundled with it or another Trojan that can initiate malware downloads arbitrarily.

File size for the Trojan Backdoor.Win32.Turkojan.r can vary, since it can be compressed with a packing utility in some cases. Packing utilities can shrink malware down to negligible sizes and prevent anti-malware security programs from detecting them until the infections are unpacked and functional.

Detecting infection by this Trojan is difficult; Backdoor.Win32.Turkojan.r can start with Windows by adding entries to the Registry and hiding its own running memory process from the user. A passive anti-malware solution that's kept running and regularly updated is the most practical response to Backdoor.Win32.Turkojan.r.

What Happens When Backdoor.Win32.Turkojan.r Gets to You

Typical results of a Backdoor.Win32.Turkojan.r infection are:

  • Reductions in firewall and anti-malware application-based security. This is to allow further attacks noted below but may also play a part in allowing unrelated malware to climb onto your PC. If common Windows programs like the Task Manager or your anti-malware applications stop working, you should immediately be suspicious.
  • Drops of other malware onto your machine. Trojan malware drops can take many forms but are most commonly rogue security programs or some form of spyware. Trojans like Backdoor.Win32.Turkojan.r can also install other Trojans, causing an escalating threat that should be dealt with quickly.
  • As a backdoor Trojan, Backdoor.Win32.Turkojan.r specifically allows remote attackers to take over your PC. Remote attacks can be as extreme as destroying files or exerting nigh-absolute control over the computer, but are just as often relatively subtle incidents of keylogging and theft of identity or financial information.
  • Some variants of Backdoor.Win32.Turkojan.r have been reported to have inherent spyware-based abilities like keylogging. These functions allow Backdoor.Win32.Turkojan.r to capture anything typed on your keyboard or any information present on your computer. Backdoor.Win32.Turkojan.r may even search for specific passwords and other sensitive info to violate your accounts.

It's not easy to delete Backdoor.Win32.Turkojan.r, since in addition to all its other tricks, Backdoor.Win32.Turkojan.r may corrupt processes running in memory. However, reputable anti-malware programs are able to deal with this Trojan threat. Preventing Backdoor.Win32.Turkojan.r and other malware from running insofar as you can, followed by a full scan of your system, will remove Backdoor.Win32.Turkojan.r in many cases.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %appdata%\microsoft\internet explorer\quick launch\Backdoor.Win32.Turkojan.r.lnk
    2 %commonprograms%\Backdoor.Win32.Turkojan.r\about.lnk
    3 %commonprograms%\Backdoor.Win32.Turkojan.r\activate.lnk
    4 %commonprograms%\Backdoor.Win32.Turkojan.r\Backdoor.Win32.Turkojan.r support.lnk
    5 %commonprograms%\Backdoor.Win32.Turkojan.r\Backdoor.Win32.Turkojan.r.lnk
    6 %commonprograms%\Backdoor.Win32.Turkojan.r\buy.lnk
    7 %commonprograms%\Backdoor.Win32.Turkojan.r\scan.lnk
    8 %commonprograms%\Backdoor.Win32.Turkojan.r\settings.lnk
    9 %commonprograms%\Backdoor.Win32.Turkojan.r\update.lnk
    10 %desktop%\Backdoor.Win32.Turkojan.r support.lnk
    11 %desktop%\Backdoor.Win32.Turkojan.r.lnk
    12 %programfiles%\Backdoor.Win32.Turkojan.r\activate.ico
    13 %programfiles%\Backdoor.Win32.Turkojan.r\buy.ico
    14 %programfiles%\Backdoor.Win32.Turkojan.r\def.db
    15 %programfiles%\Backdoor.Win32.Turkojan.r\defcnt.exe
    16 %programfiles%\Backdoor.Win32.Turkojan.r\defext.dll
    17 %programfiles%\Backdoor.Win32.Turkojan.r\defhook.dll
    18 %programfiles%\Backdoor.Win32.Turkojan.r\help.ico
    19 %programfiles%\Backdoor.Win32.Turkojan.r\scan.ico
    20 %programfiles%\Backdoor.Win32.Turkojan.r\settings.ico
    21 %programfiles%\Backdoor.Win32.Turkojan.r\splash.mp3
    22 %programfiles%\Backdoor.Win32.Turkojan.r\uninstall.exe
    23 %programfiles%\Backdoor.Win32.Turkojan.r\update.ico
    24 %programfiles%\Backdoor.Win32.Turkojan.r\virus.mp3
    25 %programfiles%\Backdoor.Win32.Turkojan.r\about.ico

Registry Modifications

  • The following Registry keys and values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Backdoor.Win32.Turkojan.r”
    HKLM\SOFTWARE\Backdoor.Win32.Turkojan.r
    HKEY..\..\..\..{RegistryKeys}
    HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Backdoor.Win32.Turkojan.r
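The file and Registry locations listed above can be checked without modifying the system. The PowerShell sketch below is an added example, not part of the original write-up or of any vendor tool; the mapping of the page's location tokens to .NET special folders and all variable names are assumptions.

```powershell
# Added example: read-only check for the file and Registry indicators listed above.
$name = 'Backdoor.Win32.Turkojan.r'

# Assumed mapping of the page's location tokens to .NET special folders.
$folder = @{
    appdata        = [Environment]::GetFolderPath('ApplicationData')
    commonprograms = [Environment]::GetFolderPath('CommonPrograms')
    desktop        = [Environment]::GetFolderPath('Desktop')
    programfiles   = [Environment]::GetFolderPath('ProgramFiles')
}

# Shortcut files and install directories taken from the file list.
$paths = @(
    (Join-Path $folder.appdata "Microsoft\Internet Explorer\Quick Launch\$name.lnk"),
    (Join-Path $folder.commonprograms $name),
    (Join-Path $folder.desktop "$name.lnk"),
    (Join-Path $folder.desktop "$name support.lnk"),
    (Join-Path $folder.programfiles $name)
)

# Keys from the Registry list. The Uninstall entry is skipped because part of
# its path is a placeholder on the page.
$keys = @(
    "HKLM:\SOFTWARE\$name",
    'Registry::HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}'
)

$hits = @()
foreach ($p in ($paths + $keys)) {
    # -LiteralPath stops the braces in the CLSID being treated as wildcards.
    if (Test-Path -LiteralPath $p) {
        $hits += [pscustomobject]@{ Kind = 'Path'; Item = $p }
    }
}

# Autostart entry: a value named after the Trojan under the per-user Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains $name)) {
    $hits += [pscustomobject]@{ Kind = 'RunValue'; Item = "$runKey -> $($run.$name)" }
}

if ($hits) { $hits | Format-Table -AutoSize } else { 'No listed indicators found.' }
```

On 64-bit Windows, 32-bit programs are redirected to `Program Files (x86)` and the `WOW6432Node` Registry branch, so those locations need the same check. The HKCU checks only cover the account the script runs under.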