Backdoor.Win32.VanBot.cug
Backdoor.Win32.VanBot.cug is a harmful backdoor trojan that runs in the background and gives attackers remote access to the compromised computer system. Backdoor.Win32.VanBot.cug does not use network resources to propagate on its own, but it can spread through a network by attaching itself to other malware. Backdoor.Win32.VanBot.cug enables an infected computer to be used as a covert proxy. Backdoor.Win32.VanBot.cug uses advanced rootkit methods to conceal the files and registry entries it creates. Once Backdoor.Win32.VanBot.cug is detected on a computer, it should be removed as quickly as possible.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %DesktopDir%\Executable File Icons Changer.lnk |
| 2 | %ProgramFiles%\ExeIco\ExeIco.exe |
| 3 | %ProgramFiles%\ExeIco\ExeIco.ini |
| 4 | %ProgramFiles%\ExeIco\Help.CHM |
| 5 | %ProgramFiles%\ExeIco\Language\English.ini |
| 6 | %ProgramFiles%\ExeIco\Language\Language_0406.ini |
| 7 | %ProgramFiles%\ExeIco\Language\Language_0407.ini |
| 8 | %ProgramFiles%\ExeIco\Language\Language_0408.ini |
| 9 | %ProgramFiles%\ExeIco\Language\Language_040a.ini |
| 10 | %ProgramFiles%\ExeIco\Language\Language_0413.ini |
| 11 | %ProgramFiles%\ExeIco\Language\Language_0414.ini |
| 12 | %ProgramFiles%\ExeIco\Language\Language_0804.ini |
| 13 | %ProgramFiles%\ExeIco\Language\Language_0814.ini |
| 14 | %ProgramFiles%\ExeIco\Language\Spanish.ini |
| 15 | %ProgramFiles%\ExeIco\README.TXT |
| 16 | %ProgramFiles%\ExeIco\uninstall.exe |
| 17 | %Programs%\Executable File Icons Changer\Executable File Icons Changer Help.lnk |
| 18 | %Programs%\Executable File Icons Changer\Executable File Icons Changer ReadMe.lnk |
| 19 | %Programs%\Executable File Icons Changer\Executable File Icons Changer.lnk |
| 20 | %System%\sysaddei34.dll |
| 21 | %Windir%\eithirtyfour.dll |
| 22 | %Windir%\tellei34.sys |
| 23 | %Windir%\v34peformatei.dll |
Registry Modifications
- The following Registry Values were newly created:
HKEY..\..\..\..{Subkeys}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
  HKEY_CURRENT_USER\Software\XTZY
  HKEY_CURRENT_USER\Software\XTZY\ExeIco
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\Shell
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\Shell\Change icon
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\Shell\Change icon\Command
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\Change icon
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\Change icon\Command
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\icofile\Shell
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\icofile\Shell\Change icon
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\icofile\Shell\Change icon\Command
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ocxfile\Shell
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ocxfile\Shell\Change icon
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ocxfile\Shell\Change icon\Command
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\Change icon
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\Change icon\Command
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
  ExeIco