Keyword: bkdr_back.b
following the message: "Do NOT shutdown OR reboot your PC: this might damage your files permanently !" It reverts the following modified registry entries back to their default values after encryption:
encryption and prevents the user from changing it back by modifying the NoChangingWallpaper registry value. It uses wevtutil.exe to clear Windows event logs. It initializes resources based on the number of
Process Termination This Ransomware terminates the following services if found on the affected system: vmcomp vmwp veeam Back xchange backup Backup acronis AcronisAgent AcrSch2Svc sql Enterprise Veeam
Installation This backdoor creates the following folders: %Application Data%\{random existing folder}\{random folder name} (Note: %Application Data% is the current user's Application Data folder,
One of the Windows malware related to the Careto attack, known for encoding its configuration data and encrypting its network traffic, thus making analysis difficult. To get a one-glance comprehensive
This backdoor is executed at every system startup. In turn, it executes a file detected as BKDR_REDSIP.B. As a result, the malicious routines of said backdoor are also exhibited on the infected system.
This backdoor is noteworthy as this is a new TDSS TDL4 malware that modifies the Master Boot Record and monitors the browsing activities of the user. It may also download other malicious files
It monitors the browsing habits of the user and sends the information to certain URLs when certain strings are found in the Web address. It can also modify the search results returned by search
This backdoor may be downloaded by other malware/grayware/spyware from remote sites. It executes commands from a remote malicious user, effectively compromising the affected system. Arrival Details
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This backdoor may be downloaded by other malware/grayware/spyware from remote sites. It executes commands from a remote malicious user, effectively compromising the affected system. Arrival Details
This report is based on several samples detected by the one-to-many detection of BKDR_POISON.SMO. This backdoor may arrive contained inside a self extracting archive (RAR SFX) and attached in email
This malware acts as a proxy server to intercept requests of Internet browsers and point them to the proxy server on port 64323. It monitors Internet browser's activity to check for certain strings
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It runs certain commands that it receives remotely
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
Cybercriminals employ various methods for stealing information, with social engineering and malware infection being the most
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
This backdoor may be manually installed by a remote user. It is able to receive commands from said remote user. When executed, it gathers information and downloads files. It also drops the malware
This backdoor adds mutexes to ensure that only one of its copies runs at any one time. It monitors the browsing habits of the user and sends the information to specific URLs when certain strings are
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,