BKDR_ZACCESS.KP
Posted: August 16, 2012
Threat Metric
The fields shown on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level | 2/10 |
| Infected PCs | 18 |
| First Seen | August 16, 2012 |
| OS(es) Affected | Windows |
BKDR_ZACCESS.KP is a Trojan dropper used to install the other components of a ZeroAccess infection. The installation routine BKDR_ZACCESS.KP follows may or may not display symptoms, depending on the privilege level of the Windows account in use, and a symptomless install is far from rare. Because BKDR_ZACCESS.KP is most often distributed over P2P networks as fake game cracks and other pirated software, SpywareRemove.com malware experts recommend that you scan suspicious programs before installing anything downloaded from an insecure source. BKDR_ZACCESS.KP's installation of the rest of a ZeroAccess infection shows symptoms only in certain circumstances, such as a fake pop-up for an Adobe Flash installer, and the infection isn't guaranteed to display any symptoms afterward. Given that BKDR_ZACCESS.KP's ultimate payload is a high-level PC threat capable of stealing confidential information such as bank credentials, any potential BKDR_ZACCESS.KP attack should be treated with the utmost caution until your PC has been disinfected by anti-malware software.
Why Piracy Doesn't Pay: an Unintentional Lesson from BKDR_ZACCESS.KP
BKDR_ZACCESS.KP's main propagation strategy uses mislabeled EXE files downloaded from peer-to-peer networks, with BKDR_ZACCESS.KP's disguises including license key generators, game cracks, pre-cracked versions of popular programs and popular movies. After its launch, BKDR_ZACCESS.KP checks the privilege level of the active Windows account. If the account has administrator privileges, BKDR_ZACCESS.KP installs the rest of its payload (which is fixed as a ZeroAccess Trojan, since BKDR_ZACCESS.KP is a Trojan dropper) without any symptoms of the attack. Correspondingly, SpywareRemove.com malware analysts note that it is wise to scan your PC with anti-malware products if you open a suspicious file that appears to do nothing or produces an error message in the program meant to open it.
However, what makes BKDR_ZACCESS.KP interesting is what it does when account restrictions prevent it from installing its payload without your consent. In such scenarios, BKDR_ZACCESS.KP drops two temporary files – the .DLL Trojan detected as BKDR_ZACCESS.SMQQ and a fake InstallFlashPlayer.exe file – with the DLL running inside the fake installer. BKDR_ZACCESS.SMQQ then displays a UAC pop-up indicating that Adobe's Flash Player is trying to install. SpywareRemove.com malware researchers note that this pop-up is identical in every respect to the normal UAC installation prompt, and can trick victims into granting permission to a ZeroAccess installer without realizing what actually happened.
Why You Don't Want the Kind of Access That BKDR_ZACCESS.KP Offers
Although BKDR_ZACCESS.KP's own attacks are limited to gathering basic information about your PC in order to install other PC threats, the full payload of a successful BKDR_ZACCESS.KP attack can include a range of functions. Corresponding attacks that the SpywareRemove.com malware research team considers especially dangerous include likely theft of financial information, browser hijacks that insert phishing content into unrelated web pages, compromised account passwords/logins and disabled security-related programs.
Since BKDR_ZACCESS.KP and related ZeroAccess-based Trojans conceal their components with misleading file names, obscure locations and, in some cases, even code injection into unrelated files, SpywareRemove.com malware researchers discourage attempts to find and delete BKDR_ZACCESS.KP manually.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
File name: msimg32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
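As an added example (not SpywareRemove.com's own tooling), the check below flags copies of msimg32.dll found outside the Windows system directories, rating a hit higher when an InstallFlashPlayer.exe sits in the same folder, the file pairing described in the write-up. The legitimate-directory list, the severity labels and the sample paths are assumptions constructed for the example; msimg32.dll is a standard Windows library name, so a copy elsewhere is the suspicious case.

```python
"""Flag dropped msimg32.dll copies outside the Windows system directories.

Constructed example: the directory allow-list, severity labels and sample
paths are assumptions, not data from the SpywareRemove.com write-up.
"""
import os
from collections import defaultdict
from pathlib import PureWindowsPath

# Where a legitimate msimg32.dll normally lives (assumed allow-list).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
DROPPED_DLL = "msimg32.dll"
DECOY_EXE = "installflashplayer.exe"   # the fake installer named in the write-up

# Constructed sample file listing (not a real scan result).
SAMPLE_PATHS = [
    r"C:\Windows\System32\msimg32.dll",
    r"C:\Windows\SysWOW64\msimg32.dll",
    r"C:\Users\Alice\AppData\Local\Temp\msimg32.dll",
    r"C:\Users\Alice\AppData\Local\Temp\InstallFlashPlayer.exe",
    r"C:\Users\Alice\Downloads\cracks\msimg32.dll",
    r"C:\Users\Alice\Downloads\cracks\keygen.exe",
]


def find_suspicious(paths):
    """Return sorted (normalized dll path, severity) tuples.

    severity is "high" when an InstallFlashPlayer.exe shares the folder
    with the stray msimg32.dll, otherwise "medium".
    """
    by_dir = defaultdict(set)
    for p in paths:
        wp = PureWindowsPath(p.lower())        # case-insensitive, accepts / or \
        by_dir[str(wp.parent)].add(wp.name)
    hits = []
    for folder, names in by_dir.items():
        if DROPPED_DLL in names and folder not in LEGIT_DIRS:
            severity = "high" if DECOY_EXE in names else "medium"
            hits.append((str(PureWindowsPath(folder) / DROPPED_DLL), severity))
    return sorted(hits)


def scan_tree(root):
    """Walk a real directory tree and apply the same check to every file."""
    found = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return find_suspicious(found)


if __name__ == "__main__":
    for path, severity in find_suspicious(SAMPLE_PATHS):
        print(f"[{severity}] {path}")
```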