Bebshell
Bebshell is a backdoor that provides the attacker with unauthorized remote access to the compromised PC. The intruder can manipulate files, start and end processes, log keystrokes and send e-mail messages. The backdoor also allows to steal e-mail account details, retrieve network and drive information and modify computer configuration by altering the Windows registry. Bebshell runs on every Windows startup.
Bebshell is usually installed through the WMF exploit .
File System Modifications
- The following files were created in the system:
# File Name 1 webshell.dll 2 winlog.dll 3 wjan20.doc
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOTCLSID[randomstring]InProcServer32(Default)=%System%webshell.dllHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoadwebshell
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.