
Backdoor.Klankty

Posted: January 10, 2013

Threat Metric

Threat Level: 6/10
Infected PCs: 6
First Seen: January 10, 2013
OS(es) Affected: Windows

Backdoor.Klankty is a backdoor Trojan that opens a back door on the affected computer and connects to a specific domain. It may also download and install additional security threats. Once executed, Backdoor.Klankty creates potentially malicious files, creates registry keys, overwrites the hosts file, and uploads host information. Backdoor.Klankty may log off, restart, or shut down the computer, execute commands through ShellExecute, take screenshots, terminate processes, and perform other malicious actions.

Technical Details

File System Modifications


The following files were created in the system:



File name: 76ce1fc92c31072cded5309d0fb63ca1b2f7ce26
Size: 628.52 KB (628525 bytes)
MD5: 5374872c8f841177fe8f163d193b891f
Detection count: 73
Group: Malware file
Last Updated: January 11, 2013

File name: %WinDir%\Temp\1.bat
File type: Batch file
Mime Type: unknown/bat
Group: Malware file

File name: %System%\oqcito.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %WinDir%\Temp\IPCONFIG.INI
Mime Type: unknown/INI
Group: Malware file

File name: %WinDir%\adobe_update.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following registry values were newly created:

Values:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"C:\WINDOWS\system32\oqcito.exe" = "C:\WINDOWS\system32\oqcito.exe:*:Enabled:Microsoft (R) Internetal IExplore"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\"DisableSecuritySettingsCheck" = "1"

Subkeys:

HKEY_CURRENT_USER\Software\adobe_update
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\han