Backdoor.Adwind
Posted: July 5, 2013
Threat Metric
The fields listed on the Threat Meter, each with its specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. The Volume Count criterion is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 6/10 |
|---|---|
| Infected PCs: | 1,183 |
| First Seen: | July 23, 2013 |
| Last Seen: | October 25, 2022 |
| OS(es) Affected: | Windows |
Backdoor.Adwind is a backdoor Trojan that boasts the impressive feature of cross-compatibility with most major operating systems, as well as all of the usual functions that can subvert your PC's security, steal information or install other PC threats. Infection vectors for Backdoor.Adwind attacks still are being identified, but spam e-mail messages figure heavily in Backdoor.Adwind's payloads, and Backdoor.Adwind also includes code 'borrowed' from a separate Android-specific RAT that may help Backdoor.Adwind be concealed in the installer of a legitimate Android app. Backdoor Trojans of all sorts are major security risks, and SpywareRemove.com malware experts warn that all PC users should be prepared to block or delete Backdoor.Adwind with powerful anti-malware utilities according to their personal needs.
Backdoor.Adwind: Winding Up for an Attack Against Your PC... or Your Phone
With mobile communications devices becoming more similar to computers by the day, they've also started to acquire some of the vulnerabilities that are characteristic of PCs, and Backdoor.Adwind is a classic example of the double-edged sword of technology. Backdoor.Adwind is fully compatible with most versions of Windows, Linux and Mac OS X, but also incorporates some code from Androrat – a RAT designed to attack Android phones. SpywareRemove.com malware researchers have provided a rough list of some of Backdoor.Adwind's most dangerous and relevant attacks, although Backdoor.Adwind, like many backdoor Trojans, may be instructed to perform other functions besides those shown in this list:
- As a result of its inclusion of Androrat-based functionality, Backdoor.Adwind may steal call logs, contact information and text message-based information from Android phones. Backdoor.Adwind also may distribute malicious text messages (both SMS style messages and application 'toasts'), as well as hijack your phone's browser.
- When infecting a PC, rather than a phone, Backdoor.Adwind still has the basic attacks of a typical backdoor Trojan. Backdoor.Adwind may record your keyboard input to steal vulnerable information (a process known as keylogging), take screenshots, access your webcam, install extra malware, delete files, change your system settings or even interfere with your mouse/keyboard input.
Dodging the Bad Flavor of Backdoor.Adwind's Java
Because Backdoor.Adwind is designed in Java, Backdoor.Adwind is compatible with any OS that also supports Java, such as Mac OS X, Windows 7 or Linux. Current infection vectors for Backdoor.Adwind Trojans are estimated to utilize spam e-mail attacks that disguise the installer for Backdoor.Adwind as a supposedly beneficial file attachment, causing SpywareRemove.com malware experts to continue to recommend that you scan suspicious attachments before ever opening them. In the best scenarios, your anti-malware should be able to detect and delete Backdoor.Adwind before Backdoor.Adwind installs itself – or, at least, remove Backdoor.Adwind once Backdoor.Adwind is installed.
Diverse files related to Backdoor.Adwind Trojans are hidden in several locations throughout your PC, and include such typically dishonest names as 'Desktop.ini.' There are no readily visible programs or add-ons related to Backdoor.Adwind, which tries to hide itself from your observation, and the SpywareRemove.com malware research team emphatically doesn't suggest trying to get rid of Backdoor.Adwind without any help from the relevant security tools or experts.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

file.exe
- File name: file.exe
- Size: 604.2 KB (604206 bytes)
- MD5: d8e2d73f50e8e13acca5f60abf78ee4d
- Detection count: 62
- File type: Executable File
- Mime Type: unknown/exe
- Group: Malware file
- Last Updated: June 13, 2017

file.jar
- File name: file.jar
- Size: 512.84 KB (512848 bytes)
- MD5: 88891dcf0c9e9cb66176db351efdef54
- Detection count: 45
- Mime Type: unknown/jar
- Group: Malware file
- Last Updated: February 21, 2017

file.exe
- File name: file.exe
- Size: 104.18 KB (104186 bytes)
- MD5: 8d62519a1654b6cc8dc01b5a69b65162
- Detection count: 32
- File type: Executable File
- Mime Type: unknown/exe
- Group: Malware file
- Last Updated: July 12, 2017

%SYSTEMDRIVE%\Users\<username>\appdata\roaming\jcwdpuepch\lcusmagrlf.txt
- File name: lcusmagrlf.txt
- Size: 125.98 KB (125985 bytes)
- MD5: 79e9dd35aef6558461c4b93cd0c55b76
- Detection count: 23
- Mime Type: unknown/txt
- Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\jcwdpuepch
- Group: Malware file
- Last Updated: August 23, 2018

%SYSTEMDRIVE%\Users\<username>\appdata\roaming\9bor9j6crd\unxx0jihww.txt
- File name: unxx0jihww.txt
- Size: 131.17 KB (131178 bytes)
- MD5: db46adcfae462e7c475c171fbe66df82
- Detection count: 21
- Mime Type: unknown/txt
- Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\9bor9j6crd
- Group: Malware file
- Last Updated: August 23, 2018

%UserProfile%\.plugins2\001.server
- File name: %UserProfile%\.plugins2\001.server
- Mime Type: unknown/server
- Group: Malware file

%UserProfile%\.plugins2\002.server
- File name: %UserProfile%\.plugins2\002.server
- Mime Type: unknown/server
- Group: Malware file

%UserProfile%\.plugins2\003.server
- File name: %UserProfile%\.plugins2\003.server
- Mime Type: unknown/server
- Group: Malware file

%UserProfile%\.plugins2\004.server
- File name: %UserProfile%\.plugins2\004.server
- Mime Type: unknown/server
- Group: Malware file

%UserProfile%\.plugins2\005.server
- File name: %UserProfile%\.plugins2\005.server
- Mime Type: unknown/server
- Group: Malware file

%UserProfile%\.plugins2\006.server
- File name: %UserProfile%\.plugins2\006.server
- Mime Type: unknown/server
- Group: Malware file

%UserProfile%\.plugins2\007.server
- File name: %UserProfile%\.plugins2\007.server
- Mime Type: unknown/server
- Group: Malware file

%UserProfile%\.plugins2\008.server
- File name: %UserProfile%\.plugins2\008.server
- Mime Type: unknown/server
- Group: Malware file

%UserProfile%\.plugins2\009.server
- File name: %UserProfile%\.plugins2\009.server
- Mime Type: unknown/server
- Group: Malware file

%Temp%\JNativeHook_[RANDOM DIGITS].dll
- File name: %Temp%\JNativeHook_[RANDOM DIGITS].dll
- File type: Dynamic link library
- Mime Type: unknown/dll
- Group: Malware file

%UserProfile%\Application Data\Iexplorer\Chrome.jar
- File name: %UserProfile%\Application Data\Iexplorer\Chrome.jar
- Mime Type: unknown/jar
- Group: Malware file

%UserProfile%\Application Data\Iexplorer\Desktop.ini
- File name: %UserProfile%\Application Data\Iexplorer\Desktop.ini
- Mime Type: unknown/ini
- Group: Malware file

pepepepe.myvnc.com
- File name: pepepepe.myvnc.com
- File type: Command, executable file
- Mime Type: unknown/com
- Group: Malware file
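The file list above is usable as a host-sweep checklist. The script below is an added example (not code from this page or from SpyHunter): it walks a user-profile directory, flags files whose profile-relative path matches one of the listed drop locations, and flags any file whose MD5 matches one of the listed hashes. The hashes and paths are taken from the list above; the mapping of %Temp% to AppData\Local\Temp, the ten-character random directory and file name generalised from the two Roaming samples, and the demo directory tree built by `demo_scan()` are assumptions and constructed data, not indicators from the page.

```python
"""Sweep a user profile for the Backdoor.Adwind artefacts listed above.

Added example, not code from the page or from SpyHunter. MD5 values and drop
locations come from the file list; the demo tree is constructed placeholder
data and contains no real malware.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# MD5 hashes listed on the page for Adwind-related files.
KNOWN_MD5 = {
    "d8e2d73f50e8e13acca5f60abf78ee4d",
    "88891dcf0c9e9cb66176db351efdef54",
    "8d62519a1654b6cc8dc01b5a69b65162",
    "79e9dd35aef6558461c4b93cd0c55b76",
    "db46adcfae462e7c475c171fbe66df82",
}

# Drop locations from the page as case-insensitive patterns over a
# forward-slash path relative to the user profile. Assumptions: %Temp%
# resolves to AppData/Local/Temp, and the two Roaming samples on the page
# (jcwdpuepch/lcusmagrlf.txt, 9bor9j6crd/unxx0jihww.txt) are generalised
# to a ten-character random directory and file name.
PATH_PATTERNS = [
    ("adwind_plugins2_server",
     re.compile(r"^\.plugins2/\d{3}\.server$", re.I)),
    ("adwind_jnativehook_dll",
     re.compile(r"^(?:appdata/local/temp|temp)/jnativehook_\d+\.dll$", re.I)),
    ("adwind_iexplorer_jar",
     re.compile(r"^application data/iexplorer/chrome\.jar$", re.I)),
    ("adwind_iexplorer_ini",
     re.compile(r"^application data/iexplorer/desktop\.ini$", re.I)),
    ("adwind_roaming_random_txt",
     re.compile(r"^appdata/roaming/[a-z0-9]{10}/[a-z0-9]{10}\.txt$", re.I)),
]


def md5_of(path):
    """MD5 of a file, hashed in chunks so large files stay out of memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_path(rel_path):
    """Name of the drop-location pattern a profile-relative path matches,
    or None. Backslashes are normalised so Windows-style paths work."""
    norm = rel_path.replace("\\", "/")
    for name, pattern in PATH_PATTERNS:
        if pattern.match(norm):
            return name
    return None


def scan_profile(profile_root, known_md5=KNOWN_MD5):
    """Walk a user profile; return sorted (relative_path, reason) pairs for
    files whose path matches a drop location or whose MD5 is in known_md5.
    An unreadable file is still reported on the path match alone."""
    root = Path(profile_root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = Path(dirpath) / fname
            rel = full.relative_to(root).as_posix()
            reasons = []
            indicator = classify_path(rel)
            if indicator:
                reasons.append("path:" + indicator)
            digest = None
            try:
                digest = md5_of(full)
            except OSError:
                pass  # locked or unreadable: fall back to the path check
            if digest in known_md5:
                reasons.append("md5:" + digest)
            if reasons:
                hits.append((rel, ";".join(reasons)))
    return sorted(hits)


def demo_scan():
    """Build a constructed profile tree with three Adwind-style drop paths,
    one benign file, and one file in a benign location whose hash is added
    to the indicator set for the demo; then scan it."""
    planted = [
        ".plugins2/001.server",
        "Application Data/Iexplorer/Chrome.jar",
        "AppData/Local/Temp/JNativeHook_1234.dll",
        "Downloads/invoice.jar",
        "Documents/notes.txt",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in planted:
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"placeholder bytes for " + rel.encode())
        extra = {md5_of(root / "Downloads/invoice.jar")}  # demo-only hash
        return scan_profile(root, KNOWN_MD5 | extra)


if __name__ == "__main__":
    for rel, reason in demo_scan():
        print(f"{reason:38} {rel}")
```

Run against a real profile with `scan_profile(r"C:\Users\<username>")`. Path matches on the `.plugins2` and `Iexplorer` locations are the strongest signals; the ten-character Roaming pattern is a generalisation from two samples and should be treated as a lead to review, not a verdict.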