“Generic backdoor!csb” is a backdoor that gives a remote attacker unauthorized access to, and control of, a compromised computer.
Upon execution, the Trojan creates browser instances, connects to the following remote IP addresses, and performs backdoor activity:
- 68.178.[removed] through remote port 80
- 86.128.[removed] through remote port 82
After execution, the Trojan copies itself to the following location:
- %WinDir%\system32\install\server.exe [Detected as Generic BackDoor!csb]
The following files have been dropped:
- %AppData%\Microsoft\Crypto\RSA\S-1- [Varies]\f9992b1ed3cdc054077ba50d8115ad69_e8d86675-b8d2-4ee6-876c-55cb6f7c0018 [Data file]
- %AppData%\SQLite3.dll [Data file]
- %Userprofile%\Cookies\[User Name]@server[1].txt [Data file]
- %Temp%\29514437.tmp [Data file]
- %Temp%\UuU.uUu [Data file]
- %Temp%\XxX.xXx [Data file]
- %Userprofile%\Local Settings\Temporary Internet Files\Content.IE5\JRPRBYW8\sqlite3[1].dll [Data file]
The following registry keys have been added:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3846A813-G1PX-GP34-W10Y-73675R5K48GI}
- HKEY_USERS\S-1-[Varies]\Software\vima
The following registry values have been added:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3846A813-G1PX-GP34-W10Y-73675R5K48GI}\]
  StubPath = “%WinDir%\system32\install\server.exe”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\]
  Policies = “%WinDir%\system32\install\server.exe”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
  HKLM = “%WinDir%\system32\install\server.exe”
- [HKEY_USERS\S-1-[Varies]\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\]
  Policies = “%WinDir%\system32\install\server.exe”
- [HKEY_USERS\S-1-[Varies]\Software\Microsoft\Windows\CurrentVersion\Run\]
  HKCU = “%WinDir%\system32\install\server.exe”
The above registry entries confirm that the Trojan “server.exe” executes every time Windows reboots.
- [HKEY_USERS\S-1-[Varies]\Software\vima\]
  FirstExecution: “Date and Time of execution”
- [HKEY_USERS\S-1-[Varies]\Software\vima\]
  NewIdentification = “vima”
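An offline triage check for the registry persistence listed above, added here as an example and not part of the original write-up: it scans `reg export` text for autorun values whose data points at the `install\server.exe` copy and for the `vima` key. The sample export, its SID and the `ExampleUpdater` entry are constructed, and the function names are hypothetical.

```python
import re

# Autorun key suffixes from the write-up; suffix matching covers both
# HKEY_LOCAL_MACHINE\SOFTWARE\... and HKEY_USERS\<SID>\Software\... hives.
AUTORUN_KEYS = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\policies\explorer\run",
    r"\microsoft\active setup\installed components"
    r"\{3846a813-g1px-gp34-w10y-73675r5k48gi}",
)
PAYLOAD = r"\system32\install\server.exe"   # copy location named on the page
MARKER_KEY = r"\software\vima"              # key the write-up says is added
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Yield (key, name, data) for string values; (key, None, None) per key."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            # .reg files escape backslashes and quotes inside string data
            yield (key, *(re.sub(r"\\(.)", r"\1", s) for s in m.groups()))

def find_indicators(text):
    """Return (kind, key, value_name) hits for the persistence described above."""
    hits = []
    for key, name, data in parse_reg_export(text):
        k = key.lower()
        if name is None:
            if k.endswith(MARKER_KEY):
                hits.append(("marker-key", key, ""))
        elif k.endswith(AUTORUN_KEYS) and data.lower().endswith(PAYLOAD):
            hits.append(("autorun", key, name))
    return hits

# Constructed sample in `reg export` text format (SID and benign entry invented).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"HKLM"="C:\\WINDOWS\\system32\\install\\server.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3846A813-G1PX-GP34-W10Y-73675R5K48GI}]
"StubPath"="C:\\WINDOWS\\system32\\install\\server.exe"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\vima]
"NewIdentification"="vima"
'''
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `find_indicators`.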
The following folder has been added:
- %WinDir%\system32\install
[Note:
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%Userprofile% = C:\Documents and Settings\[UserName]
%Temp% = C:\Documents and Settings\[UserName]\Local Settings\Temp
%AppData% = C:\Documents and Settings\Avert\Application Data]