Threat Information for "BackDoor.Netag"

Removal Top

StopSign will automatically remove this infection with a paid membership.

Summary Top
  • Name: BackDoor.Netag
  • Aliases:
  • Date Discovered: 2006-11-07
  • Protection Added: 2006-11-10
Description Top 
-- Ease of Removal

1: Creates new registry entries with consistent data
2: Consistent file contents
3: Consistently named
4: Runs as a service
5: Injects DLLs into running processes
6: Uses running processes

-- Privacy Risks/Security Changes

1: Opens backdoors
2: Mimics legitimate file names
3: Changes internet security settings

-- Damage/Intrusion/Annoyance

1: Significantly slows down the computer
2: Creates new files
3: Downloads other threats

-- Propagation/Saturation

1: Infects from a link in an email
2: Infects from an email attachment
3: Installed by other infections
Technical Details Top
  • Added Directory/File:
    FilePath: %WINDIR%\iesm32.exe*
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\iesm32.exe*
  • Added Registry Key:
    Key: HKCR\CLSID\{908772FF-B067-1709-C584-CBD6D0151394}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{908772FF-B067-1709-C584-CBD6D0151394}
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\RunServices Value: [RANDOM VALUE] Data: IESM32.EXE