Threat Information for "BackDoor.Generic.1273"
Summary
- Name: BackDoor.Generic.1273
- Aliases:
- Date Discovered: 2006-10-25
- Protection Added: 2006-11-02
Description
-- Ease of Removal
1: Uses running processes
2: Consistently named
3: Consistent file contents
4: Creates new registry entries with consistent data
-- Privacy Risks/Security Changes
1: Opens backdoors
-- Damage/Intrusion/Annoyance
1: Significantly slows down the computer
2: Creates new files
3: Downloads other threats
-- Propagation/Saturation
1: Infects from a link in an email
2: Infects from an email attachment
3: Installed by other infections
Technical Details
- Added Directory/File:
  FilePath: %USERLOCALSETTINGS%\temp\nein.exe
- Added Directory/File:
  FilePath: %SYSTEMDIR%\cloudsim.exe
- Added Directory/File:
  FilePath: %SYSTEMDIR%\cloicf.exe
- Added Registry Value:
  Key: HKU\S-*\%CURRENTVERSIONREG%\Policies\Explorer\Run
  Value: cloicf
- Added Registry Value:
  Key: HKCU\%CURRENTVERSIONREG%\Run
  Value: cloicf
- Added Registry Value:
  Key: HKU\S-*\%CURRENTVERSIONREG%\Run
  Value: cloicf
- Added Registry Value:
  Key: HKCU\%CURRENTVERSIONREG%\RunOnce
  Value: cloicf
- Added Registry Value:
  Key: HKCU\%CURRENTVERSIONREG%\Policies\Explorer\Run
  Value: cloicf
- Added Registry Value:
  Key: HKU\S-*\%CURRENTVERSIONREG%\RunOnce
  Value: cloicf
- Added Registry Data:
  Key: HKCR\CLSID\*
  Value: [RANDOM VALUE]
  Data: cloudsim delKey=TRUE
- Added Registry Data:
  Key: HKCR\CLSID\*
  Value: [RANDOM VALUE]
  Data: cloicf delKey=TRUE

