
Backdoor.Alusins

Posted: September 4, 2013

Backdoor.Alusins is a backdoor Trojan that opens a back door on the infected computer and steals information from it. When executed, Backdoor.Alusins creates potentially malicious files and adds registry entries so that it runs automatically every time Windows starts.

The back door enables a cybercriminal to perform potentially malicious actions on the contaminated computer, such as: insert malicious code into legitimate processes, such as 'svchost.exe', 'notepad.exe', and 'calc.exe', in order to disguise its existence; connect to a remote host to receive commands; retrieve system information such as user name, computer name, operating system version, IP address, and language; retrieve the type and version of the installed firewall program; retrieve the type and version of installed anti-virus programs; get the list of processes; log keystrokes; view the Windows Registry; open the default web browser and connect to a web address indicated by the attacker; capture webcam footage; display warning and error messages on the affected computer; download and run additional malware infections; open and close the optical drive; send email using specified user names and passwords; and steal Pidgin and Filezilla user names and passwords.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %Temp%\key.txt
Mime Type: unknown/txt

File name: %Temp%\firavs.vbs
Mime Type: unknown/vbs

Registry Modifications

The following Registry values are newly created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" = "[THREAT PATH]\[THREAT NAME].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" = "[THREAT PATH]\[THREAT NAME].exe"
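The file and Registry indicators above can be checked together on data collected from a host. The following triage script is an added example, not part of the original write-up: it takes a %Temp% file listing and the text output of `reg query` for the two Run keys. Because the Run value name is random, it compares value names against a known-good baseline, which is an assumption of this example, and all sample data is constructed.

```python
import re

# Indicators taken from the page: file names created in %Temp%.
TEMP_ARTIFACTS = {"key.txt", "firavs.vbs"}
# Both Run keys listed on the page end with this path (HKCU and HKLM).
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"

def parse_reg_query(text):
    """Parse `reg query <key>` text output into (key, value_name, data) tuples."""
    entries, key = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            key = line.strip()  # unindented line is the key path
            continue
        m = re.match(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$", line)
        if m and key:
            entries.append((key, m.group(1), m.group(3)))
    return entries

def triage(temp_files, reg_text, baseline):
    """Flag page-listed %Temp% artifacts and Run values that launch an .exe
    but are absent from the analyst's baseline (lower-case value names)."""
    findings = []
    for name in temp_files:
        if name.lower() in TEMP_ARTIFACTS:
            findings.append(("temp_artifact", name))
    for key, value, data in parse_reg_query(reg_text):
        if not key.lower().endswith(RUN_KEY_SUFFIX):
            continue
        if ".exe" in data.lower() and value.lower() not in baseline:
            findings.append(("unbaselined_run_value", f"{key}\\{value} = {data}"))
    return findings

# Constructed sample input (not taken from a real infection).
SAMPLE_TEMP = ["key.txt", "firavs.vbs", "setup.log"]
SAMPLE_REG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    xqzvkrtp    REG_SZ    C:\constructed\path\sample.exe
"""
BASELINE = {"onedrive"}  # assumption: known-good Run value names for this host

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_TEMP, SAMPLE_REG, BASELINE):
        print(f"{kind}: {detail}")
```

A file named key.txt is generic, so a single hit is only a lead; the combination of both %Temp% files with an unbaselined Run value is the stronger signal.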