Backdoor.Cmder.L

tag:computer virus

The virus comes as a dll, usually under the name mouse_dll.dll or winkey.dll. It exports three functions: WorkOne, WorkOne_t and SecondWork. It is usually dropped by a virus detected as Trojan.Dropper.RRO. When the dropper is executed it creates a directory named "Update" in "%Program Files%" directory, copies the backdoor file under the name winkey.exe and winkey.dll, registers the dll as a service(so it can run on startup) and then calls the function WorkOne.

When WorkOne is called the process tries to find and inject itself into explorer.exe. If it doesn Please let BitDefender disinfect your files.

Presence of a directory named "Update" in the "%Program Files%" directory.
Presence of the following files in "%Program Files%\Update" directory:
winkey.dll
winkey.exe

previous:Backdoor.BotGet.FtpA.Gen
previous:Backdoor.IRCBot.ST

Virus Source from:

New articles

TROJ_ARTIEF.SMThis Trojan exploits the RTF Stack Overflow vulnerability to drop and execute TROJ_INJECT.ART. This Trojan may be unknowingly downloaded by a user while visi...ANDROIDOS_GEINIMI.AThis backdoor may be unknowingly downloaded by a user while visiting malicious websites. Backdoor Routine This backdoor executes the following commands from...P2P-Worm.Win32.BlackControl.gThe malicious program intercepts the user’s requests to various sites and redirects them to a malicious URL. It also contains a tool for sending phishin...Backdoor.Win32.Bredolab.euaA malicious program that receives commands from a management server to download other malware to a computer. To ensure that it is launched automatically when t...Backdoor.Farfli.ABCommonly it commes as an installer so it can drop several files, detected by Bitdefender as adware (Adware.Cinmus) or tojan-downloaders.It modifies the memory o...

Hot Articles

Backdoor.Cmder.L

Computer Virus Clounds