
BKDR_BTMINE.MNR

Posted: September 27, 2011

Threat Metric

Ranking: 10,878
Threat Level: 8/10
Infected PCs: 129
First Seen: September 26, 2011
Last Seen: October 12, 2023
OS(es) Affected: Windows

BKDR_BTMINE.MNR is a backdoor Trojan that is part of a package that generates Bitcoins and performs DDoS attacks against affected computer systems. BKDR_BTMINE.MNR may be downloaded and installed from remote websites by other malware infections and computer threats. It may also be downloaded unknowingly by a PC user while visiting dubious websites. BKDR_BTMINE.MNR connects to malicious URLs to get a list of server IP addresses and saves the list in specific files. It then connects to the IP addresses in the obtained list to send and receive information, download other malware threats and get a new list of IP addresses. BKDR_BTMINE.MNR builds the URL using a specific format. BKDR_BTMINE.MNR downloads publicly available Bitcoin miners such as Phoenix, RPCminer, and Ufasoft, and saves the downloaded package. To protect your computer from damage, remove BKDR_BTMINE.MNR as soon as possible.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: BKDR_BTMINE.DDOS
Mime Type: unknown/DDOS
Group: Malware file

File name: %Windows%\phoenix.rar
Mime Type: unknown/rar
Group: Malware file

File name: %Windows%\rpcminer.rar
Mime Type: unknown/rar
Group: Malware file

File name: %Windows%\ufa.rar
Mime Type: unknown/rar
Group: Malware file

File name: %Windows%\{number}_myunrar2.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following Registry values were newly created:

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient
HKEY_LOCAL_MACHINE\SOFTWARE\btcclient