
Backdoor.Egobot

Posted: February 15, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 4
First Seen: February 15, 2013
OS(es) Affected: Windows

Backdoor.Egobot is a Trojan that opens a back door, downloads malware threats, and steals information from the affected computer. Backdoor.Egobot may be delivered through a malicious .lnk file attached to emails. Once executed, Backdoor.Egobot drops malicious files and runs one of them at startup. Backdoor.Egobot reads daxctle.dll, the file that contains the main malicious code, and injects it into processes. Backdoor.Egobot opens a back door on the infected computer, enabling attackers to perform numerous malicious actions. Backdoor.Egobot connects to a certain domain and may download infected files. Backdoor.Egobot sends data to and receives commands from remote servers.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %System%\alg.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %System%\spoolsv.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %System%\wuauclt.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: daxctle.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

File name: winmsd.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %UserProfile%\Local Settings\Microsoft\Windows\Program\Startup\winmsd.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %UserProfile%\Local Settings\Microsoft\Windows\Program\Startup\detoured.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

File name: %UserProfile%\Local Settings\Microsoft\Windows\Program\Startup\daxctle.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file