Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

BACKDOOR.GBOT.QOM

 

 

Name: Backdoor.Gbot.qom
Descr. Added: May 4, 2012
Type: Backdoor
Risk: Low
Payload: N/A
At risk systems: Windows 95/98/ME/XP/NT/2003

 

 


 

 

Description:

 

When Backdoor.Gbot.qom is executed, it performs the following activities:

After execution, it deletes the following files from the system:

%Windir%\system32\igfxtray.exe
%Windir%\system32\ReinstallBackups\0008\DriverFiles\igfxtray.exe

It drops the following files onto the system:

%Windir%\system32\igfxtray.exe [copy of itself]
%Windir%\system32\ReinstallBackups\0008\DriverFiles\igfxtray.exe [copy of itself]
%AppData%\igfxtray.dat
%SystemDir%\{Random name}\{Random name}.inf
%SystemDir%\{Random name}\{Random name}.dat
%Windir%\system32\ieunitdrf.inf [0 KB]

It creates the following registry entry to start itself on each reboot:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IgfxTray = "%Windir%\system32\igfxtray.exe"

This malware possesses rootkit functionality: it keeps its dropped files hidden.
 

 

 

 

 

 

 

 