Threat Information for "BackDoor.EggDrop.1619"
| Summary |
- Name: BackDoor.EggDrop.1619
- Aliases:
- Date Discovered: 2007-01-11
- Protection Added: 2007-01-18
| Description |
-- Ease of Removal
1: Uses running processes
2: Runs as a service
3: Consistently named
4: Consistent file contents
5: Creates new registry entries with consistent data
-- Privacy Risks/Security Changes
1: Opens backdoors
2: Mimics legitimate file names
-- Damage/Intrusion/Annoyance
1: Displays deceptive error messages
2: Creates new files
-- Propagation/Saturation
1: Spreads through Peer-2-Peer software
2: Installed by other infections
| Technical Details |
- Added Directory/File:
  FilePath: %SYSTEMDIR%\*.exe
  MD5: d41d8cd98f00b204e9800998ecf8427e
- Added Directory/File:
  FilePath: %SYSTEMDIR%\taskkill.exe
- Added Directory/File:
  FilePath: %COMMONSTARTUP%\wmplayer.exe
- Added Directory/File:
  FilePath: %ROOTDRIVE%setup9x.exe
- Added Directory/File:
  FilePath: %WINDIR%\pif
- Added Directory/File:
  FilePath: %SYSTEMDIR%\p2pnetworking.exe
- Added Registry Value:
  Key: HKCU\Software\Microsoft\OLE
  Value: wmplayer
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\Run
  Value: wmplayer
- Added Registry Value:
  Key: HKU\S-*\Software\Microsoft\OLE
  Value: wmplayer
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\RunServices
  Value: wmplayer

