Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

BACKDOOR.GBOT.HPL

Name: Backdoor.Gbot.hpl
Added: August 2, 2011
Type: Backdoor
Risk: Low
Payload: N/A
At risk systems: Windows 95/98/ME/XP/NT/2003

Description:

When Backdoor.Gbot.hpl is executed, it performs the following activities:

It drops the following files:

%Temp%\csrss.exe
%Temp%\{Random name}.tmp
%AppData%\{Random name}.
%AppData%\dwm.exe
%AppData%\Microsoft\conhost.exe

It creates/modifies the following registry entries (each key is followed by the value set under it):

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    conhost = "%AppData%\Microsoft\conhost.exe"

HKU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell = "explorer.exe,%AppData%\dwm.exe"

HKU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Load = "%Temp%\csrss.exe"

HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable = "1"
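
The autorun entries above share one pattern: a Windows system process name (csrss.exe, dwm.exe, conhost.exe) launched from a user-writable folder. The following is an added detection example, not Thirtyseven4 code; it generalizes that pattern over a registry snapshot, and the function names, the (key, value name, data) tuple format and the use of unexpanded %Temp%/%AppData% tokens are assumptions.

```python
import ntpath

# Genuine Windows process names that normally run from %SystemRoot% only.
SYSTEM_NAMES = {"csrss.exe", "dwm.exe", "conhost.exe"}
# Folder tokens a standard user can write to (assumed unexpanded, as on this page).
USER_WRITABLE = ("%temp%", "%appdata%")
# Autorun locations from the description: (key suffix, value name); None = any name.
AUTORUNS = [
    (r"\windows\currentversion\run", None),
    (r"\windows nt\currentversion\winlogon", "shell"),
    (r"\windows nt\currentversion\windows", "load"),
]

def is_autorun(key, name):
    """True if (key, value name) is one of the autorun locations listed above."""
    key, name = key.lower(), name.lower()
    return any(key.endswith(k) and v in (None, name) for k, v in AUTORUNS)

def suspicious_targets(data):
    """Split comma-separated value data; return targets that use a system
    process name but live under a user-writable folder."""
    hits = []
    for target in data.split(","):
        target = target.strip().strip('"')
        base = ntpath.basename(target).lower()
        if base in SYSTEM_NAMES and target.lower().startswith(USER_WRITABLE):
            hits.append(target)
    return hits

def scan(entries):
    """entries: iterable of (key, value_name, data). Returns flagged tuples."""
    return [(key, name, target)
            for key, name, data in entries if is_autorun(key, name)
            for target in suspicious_targets(data)]

# Constructed sample snapshot: three entries from the description, two benign.
SAMPLE = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "conhost",
     r"%AppData%\Microsoft\conhost.exe"),
    (r"HKU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell",
     r"explorer.exe,%AppData%\dwm.exe"),
    (r"HKU\Software\Microsoft\Windows NT\CurrentVersion\Windows", "Load",
     r"%Temp%\csrss.exe"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"%ProgramFiles%\Vendor\updater.exe"),
    (r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell",
     "explorer.exe"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```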