Troj/BadCab-A
Troj/BadCab-A is a malicious backdoor Trojan that hides from the user and allows hackers remote access to an infected system. Troj/BadCab-A propagates by exploiting local network shares and may join a predefined IRC server to participate in Distributed Denial of Service (DDoS) attacks, which will cripple the entire system. Troj/BadCab-A poses a high security risk to any computer or network and should be terminated when detected.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %CommonPrograms%\Resource Tuner\Resource Tuner on the Web.url |
| 2 | %CommonPrograms%\Resource Tuner\Support Forum.url |
| 3 | %ProgramFiles%\Resource Tuner\PLUGINS\Demo Plug-ins\Delphi\SOURCE\t12dll.dsk |
| 4 | %ProgramFiles%\Resource Tuner\resforum.url |
| 5 | %ProgramFiles%\Resource Tuner\restuner.url |
| 6 | %System%\sys\lsass.exe |
| 7 | %Temp%\IXP000.TMP\ResTuner.exe |
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
    [HKEY_CURRENT_USER\Software\Bifrost]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
    Resource Tuner_is1]