Backdoor.Pontoeb
Posted: December 30, 2011
| Threat Level: | 6/10 |
|---|---|
| Infected PCs: | 58 |
| First Seen: | December 30, 2011 |
| OS(es) Affected: | Windows |
Pontoeb is a backdoor Trojan that has gained recent attention due to its use of fake Diablo 3 cracks as installation files. SpywareRemove.com malware analysts warn that Pontoeb infections should be considered high-level threats to any Windows computer's security because of Pontoeb's backdoor functions, which give remote criminals access to and control over your PC. Other than unauthorized changes to your Windows Firewall, there may be few symptoms of Pontoeb on your computer even while Pontoeb is active, and SpywareRemove.com malware experts recommend that you use appropriate anti-malware scanners to detect and delete Pontoeb. However quietly it runs, allowing Pontoeb to remain on your computer can be considered equivalent to handing your computer over to hackers, which may result in a wide range of invasive attacks.
Don't Be Too Hasty to Grab That Crack – It Might Just Be Pontoeb
Pontoeb's primary propagation method is to conceal itself in .exe files that are misleadingly named after cracks, key generators, trials and other types of utilities for popular and upcoming games like Dota 2 and Diablo III (for example, 'diablo3-crack.exe'). As long as you acquire your gaming-related files from appropriate sources, the possibility of being exposed to Pontoeb is slim, although P2P networks and pirate software sites are highly likely to be populated by copies of Pontoeb.
Launching these Pontoeb-contaminated executables will cause Pontoeb to install itself and run automatically as a background process, although there may be no visible symptoms that this has happened. Initial actions by Pontoeb include gathering basic system information that can be used to identify your PC for future attacks. This information is sent back to Pontoeb's hacker partners without your consent, and during the process, aspects of your network and firewall security are inevitably compromised.
The Ultimate Results When Eagerness to Play Leads to Pontoeb Attacks
Because attacks by Pontoeb can be configured for a variety of ill effects, SpywareRemove.com malware researchers advise you to be on the lookout for even the worst possibilities, which can include:
- Disabled security and anti-malware programs.
- Browser redirect attacks that force your browser to load malicious or fraudulent content.
- Changes to your computer's network ports and firewall that make their security settings useless for the purposes of blocking future assaults.
- Loss of system resources that are diverted to illegal activities (such as DDoS attacks, AKA traffic-flooding attacks on websites).
- Loss of personal information from keylogging, phishing techniques and other spyware attacks – this can include bank account information, Social Security numbers and credit card numbers.
- The installation of other types of PC threats such as worms, viruses or rogue security programs.
Pontoeb can be detected under the aliases Trojan.MulDrop3.21941, Backdoor.MSIL.Agent.fyc and Backdoor:MSIL/Bafrus.J. However, SpywareRemove.com malware researchers note that backdoor variants of Pontoeb shouldn't be confused with slightly older variants of Pontoeb, Backdoor:MSIL/Pontoeb.B and Backdoor:MSIL/Pontoeb.A, which are both worms that propagate via compressed archives (such as .zip files).
Technical Details
File System Modifications
The following files were created in the system: