Threat Information for "Backdoor.Generic.1470"

Removal Top

StopSign will automatically remove this infection with a paid membership.

Summary Top
  • Name: Backdoor.Generic.1470
  • Aliases:
  • Date Discovered: 2008-02-13
  • Protection Added: 2008-03-07
Description Top 
-- Ease of Removal

1: Creates new registry entries with consistent data
2: Consistent file contents
3: Consistently named
4: Uses running processes

-- Privacy Risks/Security Changes

1: Opens backdoors
2: Mimics legitimate file names

-- Damage/Intrusion/Annoyance

1: Creates new files

-- Propagation/Saturation

1: Spreads through Peer-2-Peer software
Technical Details Top
  • Added Directory/File:
    FilePath: %WINDIR%\winhlp32.dat
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\rdshost32.exe
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\rdshost32.exe