
Backdoor:Win32/Htbot.C

Posted: January 13, 2016

Threat Metric

Threat Level: 6/10
Infected PCs: 73
First Seen: January 13, 2016
Last Seen: January 20, 2019
OS(es) Affected: Windows

Backdoor:Win32/Htbot.C is a vicious cyber threat that may give its operators full control over compromised machines. As its name suggests, this Trojan opens backdoors, which may grant access to the infected PC. If the culprits' plan works, they may use Backdoor:Win32/Htbot.C to collect information or install programs automatically. This tool is like a 'weapon' that the hackers can modify as they decide. The con artists may upload different applications for different tasks, which means that they can achieve virtually anything they want. Because of these potentially detrimental consequences, it is better to prevent an infection with Backdoor:Win32/Htbot.C than to fix your PC afterward. Otherwise, even if you manage to clean the system, the hackers may already have the information they need.

This cyber threat doesn't use unique distribution vectors that we haven't seen before. Backdoor:Win32/Htbot.C may sneak in if you download, decompress or open corrupted email attachments. The hackers may try to make the messages seem important to you. The sender may appear to be your bank, a large international financial institution, a shipment company, etc. The content may be shocking, but you should always be vigilant before interacting with the received files.

After gaining a foothold on your PC, Backdoor:Win32/Htbot.C will try to establish a connection with a remote host like softwearfounds.com via port 80. If the connection succeeds, you may be in great trouble. Through this backdoor, the hackers may send more threatening forms of malware to your PC. They may also receive the configuration of your system to detect certain vulnerabilities. They may copy the files stored on your hard disks or collect your account credentials. Some of the files that Backdoor:Win32/Htbot.C creates are winlogon-svc.exe and winsmss.exe in the %LOCALAPPDATA%\lix\ directory.

You should conduct a check-up of your system to delete all of the harmful components that were installed.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



C:\Users\<username>\AppData\Local\TAL\winservices.exe
File name: winservices.exe
Size: 311.29 KB (311296 bytes)
MD5: f119da0710d065129503a4769e91c038
Detection count: 91
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\TAL
Group: Malware file
Last Updated: February 6, 2018

C:\Users\<username>\AppData\Local\VIV\csrss-svc.exe
File name: csrss-svc.exe
Size: 288.76 KB (288768 bytes)
MD5: adb71c6295691df7d46fa0c16a22e10e
Detection count: 91
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\VIV
Group: Malware file
Last Updated: February 6, 2018

C:\Users\<username>\AppData\Local\IFGL\ntcsrss.exe
File name: ntcsrss.exe
Size: 217.6 KB (217600 bytes)
MD5: 6dda76bbee2758db5e5b92f619a9bf34
Detection count: 65
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\IFGL
Group: Malware file
Last Updated: February 7, 2018

C:\Users\<username>\AppData\Local\UTMP\file.exe
File name: file.exe
Size: 208.89 KB (208896 bytes)
MD5: 64b2457c7474fa3fc4cadb0e5cded4ce
Detection count: 31
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\UTMP
Group: Malware file
Last Updated: February 21, 2018

%SYSTEMDRIVE%\Users\<username>\AppData\Local\JID\teracopyserviceupdater.exe\file.exe
File name: file.exe
Size: 244.73 KB (244736 bytes)
MD5: cb32390630702f15390054188e6a74c4
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\JID\teracopyserviceupdater.exe
Group: Malware file
Last Updated: June 26, 2020

C:\Users\<username>\AppData\Local\INEN\file.exe
File name: file.exe
Size: 308.22 KB (308224 bytes)
MD5: f9684678fc5fcb2c6d9bdc29029d068a
Detection count: 2
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\INEN
Group: Malware file
Last Updated: March 12, 2018
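
The file names in the description and in the list above share a pattern a defender can hunt for: executables in a three- or four-letter folder directly under %LOCALAPPDATA%, often with names that imitate Windows system processes. The Python triage below is an added example, not part of the original write-up; the two heuristics, the ALLOWED_DIRS list and the priority labels are assumptions derived from the paths shown on this page, and the sample paths are constructed from them.

```python
import re
from pathlib import PureWindowsPath

# System process names imitated by the file names on this page.
SYSTEM_NAMES = ("winlogon", "smss", "csrss", "services")
# Executable inside a 3-4 letter folder directly under the local AppData root.
SHORT_DIR = re.compile(r"(?:\\AppData\\Local|%LOCALAPPDATA%)\\([A-Za-z]{3,4})\\", re.I)
# Where the genuine system binaries live.
SYSTEM_DIR = re.compile(r"^[A-Za-z]:\\Windows\\(?:System32|SysWOW64)\\", re.I)
# Assumption: short folder names that are legitimate and should not count.
ALLOWED_DIRS = {"temp"}


def triage(path):
    """Return the list of heuristic hits for one executable path."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != ".exe":
        return []
    hits = []
    m = SHORT_DIR.search(path)
    if m and m.group(1).lower() not in ALLOWED_DIRS:
        hits.append("short-dir:" + m.group(1))
    stem = p.stem.lower()
    name = next((n for n in SYSTEM_NAMES if n in stem), None)
    # A system process name outside the system directory is a masquerade signal.
    if name and not SYSTEM_DIR.match(path):
        hits.append("imitates:" + name)
    return hits


def priority(path):
    """Two hits -> 'high', one -> 'review', none -> 'ignore'."""
    return ("ignore", "review", "high")[len(triage(path))]


# Constructed sample: paths from this page plus two benign ones for contrast.
SAMPLE = [
    r"%LOCALAPPDATA%\lix\winlogon-svc.exe",
    r"C:\Users\<username>\AppData\Local\IFGL\ntcsrss.exe",
    r"C:\Users\<username>\AppData\Local\UTMP\file.exe",
    r"C:\Windows\System32\csrss.exe",
    r"C:\Users\<username>\AppData\Local\Temp\setup.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(priority(path), triage(path), path)
```

A 'review' result is only a lead: a short folder name on its own also matches legitimate software, so confirm with the file hash or a scanner before deleting anything.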