Backdoor.win32.ZAccess.de
Backdoor.win32.ZAccess.de is a hazaradous backdoor Trojan that is able to control the affected computer system without a user's permission or knowledge. Backdoor.win32.ZAccess.de can be surreptitiously installed on the compromised machine by other applications or any unsafe operations via security loopholes. Backdoor.win32.ZAccess.de can also download additional malware on a targeted computer system and steal your personal information. Delete Backdoor.win32.ZAccess.de as quickly as possible to secure your PC.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:C:\Documents and Settings\<username>\local settings\application data\Conduit
File name: C:\Documents and Settings\<username>\local settings\application data\Conduitc:\program files\uTorrentBar
File name: c:\program files\uTorrentBarC:\Documents and Settings\<username>\local settings\application data\uTorrent
File name: C:\Documents and Settings\<username>\local settings\application data\uTorrentc:\program files\mozilla firefox\d3dx9_43.dll
File name: c:\program files\mozilla firefox\d3dx9_43.dllFile type: Dynamic link library
Mime Type: unknown/dll
c:\program files\mozilla firefox\mozjs.dll
File name: c:\program files\mozilla firefox\mozjs.dllFile type: Dynamic link library
Mime Type: unknown/dll
c:\program files\mozilla firefox\mozalloc.dll
File name: c:\program files\mozilla firefox\mozalloc.dllFile type: Dynamic link library
Mime Type: unknown/dll
c:\program files\Conduit
File name: c:\program files\Conduitc:\program files\mozilla firefox\libEGL.dll
File name: c:\program files\mozilla firefox\libEGL.dllFile type: Dynamic link library
Mime Type: unknown/dll
c:\program files\mozilla firefox\mozsqlite3.dll
File name: c:\program files\mozilla firefox\mozsqlite3.dllFile type: Dynamic link library
Mime Type: unknown/dll
c:\program files\mozilla firefox\libGLESv2.dll
File name: c:\program files\mozilla firefox\libGLESv2.dllFile type: Dynamic link library
Mime Type: unknown/dll
c:\program files\mozilla firefox\D3DCompiler_43.dll
File name: c:\program files\mozilla firefox\D3DCompiler_43.dllFile type: Dynamic link library
Mime Type: unknown/dll
C:\Documents and Settings\<username>\local settings\application data\ConduitEngine
File name: C:\Documents and Settings\<username>\local settings\application data\ConduitEngineC:\Documents and Settings\<username>\local settings\application data\uTorrentBar
File name: C:\Documents and Settings\<username>\local settings\application data\uTorrentBarc:\windows\system32\ConduitEngine.tmp
File name: c:\windows\system32\ConduitEngine.tmpFile type: Temporary File
Mime Type: unknown/tmp
c:\program files\ConduitEngine
File name: c:\program files\ConduitEngineC:\Documents and Settings\<username>\local settings\application data\Temp
File name: C:\Documents and Settings\<username>\local settings\application data\TempRegistry Modifications
The following newly produced Registry Values are:
HKEY..\..\{CLSID Path}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}\VERSIONHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED7E6D4E-DE3A-4662-A7CA-44ECA5C55ED5}\ProxyStubClsid32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED7E6D4E-DE3A-4662-A7CA-44ECA5C55ED5}\TypeLibHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}\InprocServer32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}\ProgIDHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}\ProgrammableHKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2B56ADBB-327F-4905-A410-DDD81CE22BFC}\1.0\FLAGSHKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2B56ADBB-327F-4905-A410-DDD81CE22BFC}\1.0\HELPDIRHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}\Implemented CategoriesHKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\flashobj.shdoclsHKEY_LOCAL_MACHINE\SOFTWARE\Classes\flashobj.shdocls\ClsidHKEY_CURRENT_USER\Software\BIFROST1.2 settings = 51 00 00 00 00 00 00 00 00 00 00 00 6D 79 70 61 73 73 00 00
HKEY..\..\{CLSID Path}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}\VERSIONHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED7E6D4E-DE3A-4662-A7CA-44ECA5C55ED5}\ProxyStubClsid32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED7E6D4E-DE3A-4662-A7CA-44ECA5C55ED5}\TypeLibHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}\InprocServer32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}\ProgIDHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}\ProgrammableHKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2B56ADBB-327F-4905-A410-DDD81CE22BFC}\1.0\FLAGSHKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2B56ADBB-327F-4905-A410-DDD81CE22BFC}\1.0\HELPDIRHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16FC10F7-1272-4A21-96B2-F746B9ADFF8D}\Implemented CategoriesHKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\flashobj.shdoclsHKEY_LOCAL_MACHINE\SOFTWARE\Classes\flashobj.shdocls\ClsidHKEY_CURRENT_USER\Software\BIFROST1.2 settings = 51 00 00 00 00 00 00 00 00 00 00 00 6D 79 70 61 73 73 00 00
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.