Threat Information for "Modification of BackDoor.Generic.1373"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: Modification of BackDoor.Generic.1373
  • Aliases: TR/PSW.Lmir.avr.3, W32/PWStealer.gen1, PSW.Legendmir.CFZ, Generic.PWSLmir.AAD3FD2B, Trojan.Lmir.avr, SPY/Lmir
  • Date Discovered: 2006-08-31
  • Protection Added: 2006-09-01

Description
-- Ease of Removal

1: File names randomly generated from a hard-coded list
2: Uses redundant/watcher processes
3: Hides registry entries
4: Consistent file contents
5: Creates new registry entries with consistent data

-- Privacy Risks/Security Changes

1: Opens backdoors
2: Mimics legitimate file names

-- Damage/Intrusion/Annoyance

1: Modifies critical registry entries
2: Creates new files
3: Significantly slows down the computer

-- Propagation/Saturation

1: Infects via other exploitation methods
2: Bundled with third-party applications

Technical Details