Troj/Backdr-HG

The backdoor Trojan Troj/Backdr-HG uses multiple levels of deceit in its attempt to install itself on your PC and then launch itself without your attention. SpywareRemove.com malware analysts have traced Troj/Backdr-HG attacks back to fake license agreements that pretend to be from Microsoft – right up to the point of copying the actual text of a previous Microsoft e-mail. After victims have open the mislabeled file attachment, Troj/Backdr-HG will install and launch itself with the same name (although not the same location) as a default file in the Windows OS. Deceptions aside, Troj/Backdr-HG is just one of the most recent attempts to get innocent PC users to compromise their own computers with backdoor Trojan infections that allow criminals to access confidential information and control the PC. Deleting Troj/Backdr-HG, like any high-level PC threat, should be handled with both haste and a good anti-malware scanner.

The Microsoft E-mail That's Happy to Give You a Trojan

Troj/Backdr-HG, like many other types of malware, prefers to use spam e-mail as its favored form of infection. These e-mail messages include Microsoft's updated logo along with a supposed update to the Microsoft Services agreement for various programs. If the exact wording of the message looks familiar, that's because it's copied, word-for-word, from legitimate Microsoft e-mail messages! SpywareRemove.com malware research team recommends that you watch for the most easily-discerned difference between Troj/Backdr-HG-carrying e-mails and the real thing: a file attachment that's named to look like a PDF.

This PDF actually is an EXE file – which can be determined by sight if you have your files set to display all extensions by default. Even though it claims to be a service agreement, this file's real purpose is to be an installer for Troj/Backdr-HG, which proceeds to compromise your computer's security with the same kind of backdoor exploit that's the bread-and-butter attack of many malware-specialized criminals.

The All-Too-Real Results of Troj/Backdr-HG's Fake Microsoft Agreement

Troj/Backdr-HG launches itself as a fake version of svchost.exe, and can be verified as fake due to its location: from the 'Documents and Settings\All Users' folder instead of the 'Windows\System32' folder. Troj/Backdr-HG also changes your Registry so that Troj/Backdr-HG can launch with Windows, after which Troj/Backdr-HG makes contact with a C&C server, conveniently bypassing your firewall security in the process of doing so.

Like any typical backdoor Trojan, Troj/Backdr-HG may be utilized to set up other kinds of malicious software, grant control of your files and installed programs over to criminals or steal private information. Troj/Backdr-HG's attacks don't display obvious symptoms, and SpywareRemove.com malware experts can't recommend any solution more effective than deleting Troj/Backdr-HG with a competent anti-malware product. This should be done ASAP, since the longer you allow your computer to be compromised by Troj/Backdr-HG, the greater the chances are that other types of malicious software will be installed and complicate the disinfection process.

Technical Details