
Backdoor.Krademok

Posted: March 6, 2012

Threat Metric

Threat Level: 6/10
Infected PCs: 29
First Seen: March 6, 2012
OS(es) Affected: Windows

Backdoor.Krademok is a technical label for the Dark Comet Trojan, a backdoor Trojan that creates security vulnerabilities and installs other harmful files onto your PC. Criminals may use command servers to control your PC via Backdoor.Krademok, which can be exploited for generic attacks that include the ability to steal passwords and record webcam data. Other than initial pop-up windows, Backdoor.Krademok doesn't display many symptoms, and SpywareRemove.com malware researchers recommend using anti-malware scanners to detect and remove Backdoor.Krademok infections when necessary. Although Backdoor.Krademok was originally detected in December of 2011, Backdoor.Krademok can update itself, and you likewise should keep your security software updated to ensure that Backdoor.Krademok can be found and deleted without trouble.

Backdoor.Krademok – a Spy without Much to Give Itself Away to Your Sight

Backdoor.Krademok is advertised and sold to criminals as the Dark Comet RAT (or Remote Administration Tool) at its home site, and this allows its services to be used by many different sources, albeit for a hefty price tag. The malicious components of a Backdoor.Krademok program may also be detected by several aliases, such as Generic Backdoor.xa, Mal/Behav-058, Backdoor.Win32.Finlosky.b or Trojan.Win32.CDur. Like most types of backdoor Trojans, Backdoor.Krademok isn't inclined to give many symptoms of its attacks, although you may see some pop-up notifications during Backdoor.Krademok's initial installation. Backdoor.Krademok may also be detectable from Task Manager and other utilities that allow you to view active memory processes.

The infection or client side of Backdoor.Krademok can be updated to include other functions, but Backdoor.Krademok's default features include the following attacks, which SpywareRemove.com malware researchers rate as significant threats to your computer's security and privacy:

  • Backdoor.Krademok may record your webcam feed.
  • Backdoor.Krademok may steal account passwords through a variety of common spyware tactics, such as keylogging or scanning browser caches for personal information.
  • Definitively, Backdoor.Krademok will create a backdoor on your PC that allows the aforementioned criminals to exert a limited amount of control. This can include letting criminals run malicious scripts, execute malicious files, initiate downloads or alter your Windows settings.

Why It's Not Necessary to Cower Under the Shadow of This Dark Comet

If left alone, Backdoor.Krademok can cause non-negligible damage to your computer, and SpywareRemove.com malware researchers always recommend that you remove Backdoor.Krademok and similar backdoor Trojans as soon as they're detected. However, due to its low distribution and the fact that Backdoor.Krademok can be removed easily by competent anti-malware programs, there's no need to panic if you do catch a Backdoor.Krademok infection.

Disabling all active PC threats via Safe Mode, a USB drive boot or other methods will allow you to scan your PC without interference from Backdoor.Krademok. Despite this, removing Backdoor.Krademok without any form of software-based aid isn't recommended, since Backdoor.Krademok may name its components after Windows files and will make alterations to your PC that are easiest to erase via appropriate security products. SpywareRemove.com malware researchers have noted that Backdoor.Krademok is strictly designed to attack Windows, although Backdoor.Krademok may affect most versions of that platform up to, at least, Windows XP and Vista.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



  • [RANDOM].exe
    File name: [RANDOM].exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
  • %Temp%\dclogs
    File name: %Temp%\dclogs
    Group: Malware file

Registry Modifications

The following Registry entries were newly created:

HKEY..\..\..\..{Subkeys}

  • HKEY_CURRENT_USER\Software\DC3_FEXEC
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
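The file and Registry artifacts listed above can be checked read-only from PowerShell. This is an added example, not part of the original page; the function name Get-KrademokArtifact is hypothetical, and the script assumes PowerShell 3.0 or later. It covers only the fixed names on the page, since [RANDOM].exe has no stable file name to look for.

```powershell
# Added example: read-only check for the artifacts listed on this page.
# HKCU and %Temp% are per-user, so run it as the user being checked.
$RegistryKeys = @(
    'HKCU:\Software\DC3_FEXEC',
    'HKLM:\SYSTEM\ControlSet001\Control\MediaResources\msvideo',
    'HKLM:\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo'
)
$LogPath = Join-Path $env:TEMP 'dclogs'

function Get-KrademokArtifact {   # hypothetical helper name
    param([string[]]$Keys, [string]$Path)
    foreach ($key in $Keys) {
        if (Test-Path -LiteralPath $key) {
            $item = Get-Item -LiteralPath $key
            [pscustomobject]@{
                Type   = 'RegistryKey'
                Path   = $key
                Detail = "$($item.SubKeyCount) subkeys; values: " +
                         (($item.GetValueNames() | Sort-Object) -join ', ')
            }
        }
    }

    if (Test-Path -LiteralPath $Path) {
        $root = Get-Item -LiteralPath $Path -Force
        [pscustomobject]@{
            Type   = 'Path'
            Path   = $root.FullName
            Detail = "created $($root.CreationTime)"
        }
        if ($root.PSIsContainer) {
            # Names, sizes and timestamps only; file contents are not read.
            Get-ChildItem -LiteralPath $Path -Force -Recurse |
                Where-Object { -not $_.PSIsContainer } |
                ForEach-Object {
                    [pscustomobject]@{
                        Type   = 'File'
                        Path   = $_.FullName
                        Detail = "$($_.Length) bytes, modified $($_.LastWriteTime)"
                    }
                }
        }
    }
}

$hits = @(Get-KrademokArtifact -Keys $RegistryKeys -Path $LogPath)
if ($hits.Count -eq 0) {
    'None of the listed artifacts were found for this user.'
} else { $hits | Format-Table -AutoSize -Wrap }
```

A hit is a lead to confirm with the anti-malware scan recommended above, and the timestamps it reports help date when the artifacts appeared.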