Backdoor.Gspy.A

Posted: January 25, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	6/10
Infected PCs:	234

First Seen:	December 27, 2011
Last Seen:	November 21, 2020
OS(es) Affected:	Windows

Backdoor.Gspy.A is a malicious backdoor Trojan infection that infiltrates into your computer system without your permission and knowledge and then attempts to steal private details such as your banking data and various others logins and/or passwords. Backdoor.Gspy.A reduces the security level of your PC system in order to allow attackers to gain remote access and control over your computer without you even knowing about it. Backdoor.Gspy.A is is difficult to detect if you are not a computer expert, because it does not have an interface nor does it show annoying pop-up messages. However, the existence of the certain process files in the Task Manager is the best evidence of Backdoor.Gspy.A. Backdoor.Gspy.A always runs in the background of your system, because upon the installation it modifies the registry by adding a RUN key so that it can run automatically every time you start your computer. Backdoor.Gspy.A also corrupts several legitimate processes in order to evade detection by security software. Backdoor.Gspy.A is able to delete files, change system settings and download arbitrary files that usually include other types of malware threats. In order to download and execute the said files Backdoor.Gspy.A connects to remote Russian websites. To protect your PC from damage, find a reputable anti-malware tool to completely remove Backdoor.Gspy.A.

Aliases

BackDoor.Generic15.NTZ [AVG]W32/BackDoor.1GT!tr [Fortinet]Win-Trojan/Gspy.111616 [AhnLab-V3]BDS/GSpy.A.61 [AntiVir]Backdoor.Generic.705834 [BitDefender]Trojan-Dropper.Win32.Injector.cwcu [Kaspersky]a variant of Win32/Kryptik.ABNX [NOD32]Generic BackDoor!1gt [McAfee]TrojanDropper.Injector.cwcu [CAT-QuickHeal]Dropper.Generic4.CJIX [AVG]BDS/GSpy.A.6 [AntiVir]Trojan.Inject.57971 [DrWeb]Trojan.Generic.KDV.441331 [BitDefender]Trojan-Dropper.Win32.Injector.aahv [Kaspersky]a variant of Win32/Kryptik.WAF [NOD32]
More aliases (302)

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Backdoor.Gspy.A may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner*

* See Free Trial offer below. EULA and Privacy/Cookie Policy. * See Free Trial offer below. EULA and Privacy/Cookie Policy.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%WINDIR%\system32\htBCSvc32.exe

File name: htBCSvc32.exe
Size: 1.89 MB (1890304 bytes)
MD5: ca12b34694feea88a8056cabd73258f6
Detection count: 84
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: January 1, 2012

%WINDIR%\ckazo.exe

File name: ckazo.exe
Size: 119.29 KB (119296 bytes)
MD5: c5f7eb582b54d2e893276a1725e504e5
Detection count: 62
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\
Group: Malware file
Last Updated: February 13, 2012

%WINDIR%\lmjwl.exe

File name: lmjwl.exe
Size: 118.78 KB (118784 bytes)
MD5: e2ff48c54a6d7e0bff237b7b03b7a13a
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\
Group: Malware file
Last Updated: April 27, 2012

%WINDIR%\usmme.exe

File name: usmme.exe
Size: 131.07 KB (131072 bytes)
MD5: 8bf08b9eef967da31722c215acc4b87f
Detection count: 45
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\
Group: Malware file
Last Updated: January 16, 2012

%ALLUSERSPROFILE%\mshtune.exe

File name: mshtune.exe
Size: 122.88 KB (122880 bytes)
MD5: 24859fe4971fe4e6fd496d513e75fd70
Detection count: 44
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\
Group: Malware file
Last Updated: January 1, 2012

%PROGRAMFILES%\Messenger\msmsgs.exe

File name: msmsgs.exe
Size: 1.1 MB (1105412 bytes)
MD5: 6a1365083f768e50d134218890d5d6c4
Detection count: 23
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\Messenger\
Group: Malware file
Last Updated: January 1, 2012

%WINDIR%\system32\NUSB3w32.dll

File name: NUSB3w32.dll
Size: 157.18 KB (157184 bytes)
MD5: d00f284ec2cdb0ed59db00dcb7b00fbf
Detection count: 14
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: January 1, 2012

%ALLUSERSPROFILE%\ciohb.exe

File name: ciohb.exe
Size: 118.78 KB (118784 bytes)
MD5: af19f2e7b32484c29ebb78178bbbea74
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\
Group: Malware file
Last Updated: February 6, 2012

%WINDIR%\System32\appmgmts.dll

File name: appmgmts.dll
Size: 83.11 KB (83112 bytes)
MD5: 67e0da396b8cc5b479db96d7e46ae016
Detection count: 12
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\System32\
Group: Malware file
Last Updated: March 8, 2012

%PROGRAMFILES%\RealtekAudioDriver\audiodrvx.exe

File name: audiodrvx.exe
Size: 1.44 MB (1444864 bytes)
MD5: 0f3e99946f676bb3e191a599890298fa
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\RealtekAudioDriver\
Group: Malware file
Last Updated: January 1, 2012

Anti-Malware.exe

File name: Anti-Malware.exe
Size: 44.54 KB (44544 bytes)
MD5: 53486bf93b2e14b8173a02f5423873fb
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 1, 2012

%ALLUSERSPROFILE%\ozzok.exe

File name: ozzok.exe
Size: 119.8 KB (119808 bytes)
MD5: 5faa7090b955aa3b1f36f8d3b76b2e1d
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\
Group: Malware file
Last Updated: January 30, 2012

%WINDIR%\gsmej.exe

File name: gsmej.exe
Size: 114.17 KB (114176 bytes)
MD5: 62017e70d3f8ef4f9d0119dfa801d4f1
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\
Group: Malware file
Last Updated: January 23, 2013

%ALLUSERSPROFILE%\depzk.exe

File name: depzk.exe
Size: 133.63 KB (133632 bytes)
MD5: 8e0bdc022352d70464b5732a82b91c24
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\
Group: Malware file
Last Updated: March 6, 2013

%ALLUSERSPROFILE%\saaxh.exe

File name: saaxh.exe
Size: 111.61 KB (111616 bytes)
MD5: 1a2ba21b0bc9bbdcc49c46c79aadd5dc
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\
Group: Malware file
Last Updated: March 6, 2013

%WINDIR%\rndbs.exe

File name: rndbs.exe
Size: 71.79 KB (71798 bytes)
MD5: 93d9e505723fceee6333e366fb16cf13
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\
Group: Malware file
Last Updated: January 1, 2012

%ALLUSERSPROFILE%\xhygu.exe

File name: xhygu.exe
Size: 114.68 KB (114688 bytes)
MD5: ac1202cfecd7108abded035a852c2fa1
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\
Group: Malware file
Last Updated: February 8, 2012

%ALLUSERSPROFILE%\qdlrj.exe

File name: qdlrj.exe
Size: 118.27 KB (118272 bytes)
MD5: 8319605f9c49e058a7eca47f65848c47
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\
Group: Malware file
Last Updated: June 6, 2012

%ALLUSERSPROFILE%\vluge.exe

File name: vluge.exe
Size: 118.27 KB (118272 bytes)
MD5: e9a0146f30875831996daecf97371b67
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\
Group: Malware file
Last Updated: January 30, 2012

%ALLUSERSPROFILE%\vlopq.exe

File name: vlopq.exe
Size: 113.66 KB (113664 bytes)
MD5: 57c69b71c6dcbbac337861087cd1d5e3
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\
Group: Malware file
Last Updated: October 15, 2012

%WINDIR%\qreys.exe

File name: qreys.exe
Size: 116.22 KB (116224 bytes)
MD5: 9b10e4c69d716cb01aa0599829441768
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\
Group: Malware file
Last Updated: February 25, 2013

53499.exe

File name: 53499.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Anti-Malware.exe

File name: Anti-Malware.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

qrvzd.exe

File name: qrvzd.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

pdf_converter.exe

File name: pdf_converter.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

waada.exe

File name: waada.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Svchost.exe

File name: Svchost.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

_ex-68.exe

File name: _ex-68.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file