Mal/Backdr-L

Category: Viruses and Spyware
Protection available since: 09 Aug 2010 15:39:20 (GMT)
Type: Malicious behavior
Last Updated: 04 Nov 2014 06:05:14 (GMT)
Prevalence: Small Number of Reports

Mal/Backdr-L is a Trojan for the Windows platform.

Mal/Backdr-L includes functionality to:

 - create files in the <System> folder
 - steal confidential information
 - access the internet and communicate with a remote server via HTTP

When Troj/NameNotSpecfied is installed the following files are created:

<User>\Application Data\MSA\mscj.exe
<System>\dllcache\<random name>.exe

The following registry entry is created to run mscj.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
mscj.exe
<User>\Application Data\MSA\mscj.exe

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter
Enabled
0x00000000

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
EnableLUA
0x00000000

HKCU\Software\Microsoft\Internet Explorer\PhishingFilter
Enabled
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
0x00000000

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\DownloadManager