Threat Information for "BackDoor.Pandu"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: BackDoor.Pandu
  • Aliases:
  • Date Discovered: 2006-11-01
  • Protection Added: 2006-11-09
Description
-- Ease of Removal

1: Uses running processes
2: Runs as a BHO or shell extension
3: Consistent file contents
4: File names uniquely generated
5: Creates new unique registry entries

-- Privacy Risks/Security Changes

1: Opens backdoors

-- Damage/Intrusion/Annoyance

1: Significantly slows down the computer
2: Creates new files
3: Downloads other threats

-- Propagation/Saturation

1: Infects from a link in an email
2: Infects from an email attachment
3: Installed by other infections
Technical Details
  • Added Directory/File:
    FilePath: %TEMPDIR%\*.*
    MD5: 12be392c55d93406a7b4755fa545f362
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\*.*
    MD5: 1626370c0cf3344d3e8df45cfde4a38b
  • Added Registry Key:
    Key: HKCR\CLSID\{79FB9088-19CE-715E-D900-216290C5B738}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{79FB9088-19CE-715E-D900-216290C5B738}
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\ShellServiceObjectDelayLoad
    Value: [RANDOM VALUE]
    Data: {79FB9088-19CE-715E-D900-216290C5B738}