Backdoor.Matsnu.B
Backdoor.Matsnu.B is a backdoor Trojan that opens a back door on the targeted computer. When executed, it copies itself to one of the file locations listed below and creates registry entries so that it runs automatically every time Windows boots. It then connects to one of its web addresses and waits for commands from the remote attacker. Backdoor.Matsnu.B can download and execute files, update its list of web addresses, update itself, delete all files and folders on any hard drive it finds, overwrite the first 10,000 bytes of fixed hard drives, and delete particular files.
Technical Details
File System Modifications
The following files were created in the system:

%UserProfile%\Application Data\[RANDOM FILE NAME].exe
File type: Executable File
Mime Type: unknown/exe

%UserProfile%\[RANDOM FILE NAME].exe
Mime Type: unknown/exe

%Temp%\[RANDOM FILE NAME].exe
File type: Executable File
Mime Type: unknown/exe

%DriveLetter%\ntdetect.com
File type: Command, executable file
Mime Type: unknown/com

%DriveLetter%\ntldr

Registry Modifications
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\"Startup" = "[PATH TO TROJAN FOLDER]"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"run" = "[PATH TO TROJAN]"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load" = "[PATH TO TROJAN]"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[COMPUTER SPECIFIC STRING]" = "[PATH TO TROJAN]"
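
The HKEY_CURRENT_USER autostart entries listed above can be checked with a read-only PowerShell audit. This is an added example, not part of the original write-up or of any vendor tool; the helper names (Get-RawValue, New-Finding) are hypothetical, and the baseline it compares against (empty "run" and "load" values, a "Startup" path ending in \Start Menu\Programs\Startup) is an assumption about a clean, English-language profile.

```powershell
# Added example: audit the HKCU autostart locations listed above (read-only).
$nt  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$usf = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Drop locations named on the page, resolved for the current user.
$dropDirs = @($env:USERPROFILE, "$env:USERPROFILE\Application Data", $env:APPDATA, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-RawValue([string]$Path, [string]$Name) {
    # Returns the unexpanded value data, or $null when the key or value is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $key.GetValue($Name, $null, 'DoNotExpandEnvironmentNames')
}

function New-Finding($Path, $Name, $Data, $Reason) {
    [pscustomobject]@{ Key = $Path; Value = $Name; Data = $Data; Reason = $Reason }
}

$findings = @()
# 1. Assumption: "run" and "load" are empty or absent on a clean profile.
foreach ($name in 'run', 'load') {
    $data = Get-RawValue $nt $name
    if (-not [string]::IsNullOrWhiteSpace($data)) {
        $findings += New-Finding $nt $name $data 'legacy autostart value is populated'
    }
}

# 2. Assumption: a stock "Startup" value ends in \Start Menu\Programs\Startup.
$startup = Get-RawValue $usf 'Startup'
if ($startup -and $startup -notmatch '\\Start Menu\\Programs\\Startup\\?$') {
    $findings += New-Finding $usf 'Startup' $startup 'Startup folder redirected'
}

# 3. Run entries whose executable sits directly in one of the drop locations.
$runKey = Get-Item -LiteralPath $run -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($name)
        if ($data -match '^\s*"?([^"]+?\.exe)') {
            $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
            if ([IO.Path]::GetDirectoryName($exe) -in $dropDirs) {
                $findings += New-Finding $run $name $data 'executable in user profile, Application Data or Temp'
            }
        }
    }
}
$findings | Format-List
```

A finding is a lead to review, not a verdict: legitimate software also starts from per-user folders, so confirm the referenced file before acting on it.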