Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

BACKDOOR.MOMIBOT.IW2

 

 

Name:

Backdoor.Momibot.iw2

Added:

January 16, 2012

Type:

Backdoor

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Malware problems?   We can help.  Free Removal Tools.

 

 

Description:

 

When Backdoor.Momibot.iw2 is executed, it performs the following activities:

After execution, it drops the following files:

%Windir%\System32\{random characters}.exe
%Windir%\System32\{random characters}.dat

It creates/modifies the following registry entries:

DisplayName = "Removable Storage NtmsSvcSysmonLog"
HKLM\System\CurrentControlSet\Services\NtmsSvcSysmonLog

ImagePath = "%Windir%\System32\{random characters}.exe srv"
HKLM\System\CurrentControlSet\Services\NtmsSvcSysmonLog
 

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4