Trojan.Begseabug
Trojan.Begseabug is a trojan that enters a computer system stealthily, without the victim's consent or awareness, through existing network exploits. Trojan.Begseabug downloads files to the compromised computer without the user's consent, which creates a security risk. Trojan.Begseabug launches automatically because it drops a start-up item in the registry, and it can even enable the attacker to gain remote access to the affected computer. Remove Trojan.Begseabug as quickly as possible to avoid loss of data and infection of files on the computer system.
File System Modifications
- The following files were created in the system:
# File Name
1 %System%\[RANDOM CHARACTERS].exe
2 %System%\system.exe
3 %Temp%\1.tmp
4 %Temp%\IXP000.TMP\Setup4.exe
5 %Temp%\IXP000.TMP\Setup8.exe
6 %Temp%\IXP001.TMP\QVODSE~1.EXE
7 %Temp%\IXP001.TMP\Setup4.exe
8 %Temp%\IXP001.TMP\Setup8.exe
Registry Modifications
- The following Registry values were newly created:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp%\IXP001.TMP\Setup4.exe" = "%Temp%\IXP001.TMP\Setup4.exe:*:Enabled:QVOD"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp%\IXP000.TMP\Setup4.exe" = "%Temp%\IXP000.TMP\Setup4.exe:*:Enabled:QVOD"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp%\IXP000.TMP\Setup8.exe" = "%Temp%\IXP000.TMP\Setup8.exe:*:Enabled:QVOD"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp%\IXP001.TMP\Setup8.exe" = "%Temp%\IXP001.TMP\Setup8.exe:*:Enabled:QVOD"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 \"%Temp%\IXP000.TMP\\""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"wextract_cleanup1" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 \"%Temp%\IXP001.TMP\\""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"system" = "%System%\system.exe"