Backdoor.Odivy
Backdoor.Odivy is a backdoor Trojan that opens a back door on the infected computer by connecting to praxair.no-ip.org on TCP port 80. Backdoor.Odivy may arrive as an email attachment, usually in the form of a 7z or RAR SFX executable. Backdoor.Odivy then injects code, which is the PoisonIvy remote administration tool (RAT), into the default web browser and the explorer.exe process, exposing the computer to remote administration. Through Backdoor.Odivy, a remote attacker can monitor the PC. The remote attacker can then send commands to Backdoor.Odivy to carry out malicious actions such as stealing personal information from the compromised computer, tracking and collecting your browsing habits, and gathering data about other PCs on the local network. You should remove Backdoor.Odivy immediately with a reliable anti-malware program.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%Temp%\happiness.txt
File name: %Temp%\happiness.txt
Mime Type: unknown/txt
%Temp%\xxxx.exe
File name: %Temp%\xxxx.exe
File type: Executable File
Mime Type: unknown/exe
%System%\jql.sys
File name: %System%\jql.sys
File type: System file
Mime Type: unknown/sys
%System%\winsys.exe
File name: %System%\winsys.exe
File type: Executable File
Mime Type: unknown/exe
%CommonProgramFiles%\ODBC\ODUBC.DLL
File name: %CommonProgramFiles%\ODBC\ODUBC.DLL
File type: Dynamic link library
Mime Type: unknown/DLL
Registry Modifications
HKEY..\..\{CLSID Path}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{34DED0E2-8B26-67FC-4718-B8C8A145ADB6}\"StubPath" = "%System%\winsys.exe"
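A check for the Active Setup entry listed above, added here as an example and not taken from the original page: it parses the text output of reg query "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /s and flags StubPath values that match the listed CLSID or point at winsys.exe in the System folder. It assumes %System% means C:\Windows\System32 and that the executable path contains no unquoted spaces; the sample output and the function names are constructed for illustration.

```python
import ntpath
import re

# Indicators listed on this page.
IOC_CLSID = "{34DED0E2-8B26-67FC-4718-B8C8A145ADB6}"
IOC_FILE = "winsys.exe"  # dropped as %System%\winsys.exe
ACTIVE = "\\active setup\\installed components\\"

# `reg query` value line: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")

# Constructed sample output; the first and third GUIDs are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}
    (Default)    REG_SZ    Sample component
    StubPath    REG_SZ    "C:\Windows\System32\rundll32.exe" advpack.dll,LaunchINFSection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{34DED0E2-8B26-67FC-4718-B8C8A145ADB6}
    StubPath    REG_SZ    C:\WINDOWS\system32\winsys.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
    StubPath    REG_EXPAND_SZ    %SystemRoot%\system32\winsys.exe
"""

def stub_executable(data, system_dir):
    """Return the lower-cased executable path that a StubPath command starts with."""
    cmd = data.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    exe, sysdir = exe.lower(), system_dir.lower()
    windir = ntpath.dirname(sysdir)
    for token, real in (("%system%", sysdir), ("%systemroot%", windir), ("%windir%", windir)):
        exe = exe.replace(token, real)
    return ntpath.normpath(exe)

def find_odivy_persistence(text, system_dir=r"C:\Windows\System32"):
    """Return (key, data, reasons) for each StubPath matching the page's indicators."""
    target = ntpath.normpath(ntpath.join(system_dir, IOC_FILE)).lower()
    findings, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or m.group(1).lower() != "stubpath" or ACTIVE not in key.lower():
            continue
        data = m.group(3) or ""
        checks = (("clsid", key.lower().endswith(IOC_CLSID.lower())),
                  ("stubpath", stub_executable(data, system_dir) == target))
        reasons = [name for name, hit in checks if hit]
        if reasons:
            findings.append((key, data, reasons))
    return findings
```

A match on the file path alone is a lead to investigate, since the CLSID on another sample may differ from the one recorded here.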