RDN/Generic BackDoor!62F0BCA82738

This page shows the details and results of our analysis of the malware RDN/Generic BackDoor!62F0BCA82738.

Overview

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Minimum DAT

7108 (2013-06-16)

Updated DAT

7108 (2013-06-16)

Minimum Engine

5400.1158

File Length

5013260

Description Added

2013-06-17

Description Modified

2013-06-17

Malware Proliferation

Characteristics

This is a Trojan

File Properties

Property            Value
McAfee Detection    RDN/Generic BackDoor
Length              5013260 bytes
MD5                 62f0bca82738d0ec2c4895ea1b2d9763
SHA1                1296d72b8ba1763688c59b31125b91d86756e3e5


Other Common Detection Aliases

Company Name       Detection Name
avast              Win32:Dropper-gen
AVG (GriSoft)      BackDoor.Generic17.JBF (Trojan horse)
avira              TR/Drop.Injector.ijud
Kaspersky          Trojan.Win32.VBKrypt.oyxf
BitDefender        Trojan.Generic.9004108
Dr.Web             BackDoor.Comet.152
FortiNet           W32/VBKrypt.OYXF!tr
Microsoft          TrojanSpy:Win32/VB.EI
Eset               MSIL/Injector.BKP
norman             winpe/Troj_Generic.LKZZY
panda              Generic Malware
vba32              TScope.Trojan.MSIL

Other brands and names may be claimed as the property of others.


Activity                                         Risk Level
Enumerates many system files and directories.    Low
Process attempts to call itself recursively.     Low
Adds or modifies Internet Explorer cookies.      Low
No digital signature is present.                 Informational


McAfee Scan         Scan Detection
McAfee Beta         RDN/Generic BackDoor
McAfee Supported    RDN/Generic BackDoor



System Changes

Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files


The following files were analyzed:

1296D72B8BA1763688C59B31125B91D86756E3E5

The following files have been added to the system:

  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_kr.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmtdi.cat
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_ar.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmwfp64.sys
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmwfp.cat
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmfsa.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMGrHlp.exe
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmtdi64.sys
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_it.txt
  • %TEMP%\sof.exe
  • %USERPROFILE%\Desktop\Internet Download Manager Premium v6.15.8 Final.lnk
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_ua.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_ar.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_nl.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_it.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMFType.dat
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\template_inst.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmwfp.inf
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmwfp32.sys
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_tr.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_dk.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmtdi32.sys
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmbrbtn64.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMIECC64.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMIECC.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMSetup2.log
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_pl.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmbrbtn.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_iw.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_ptbr.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\scheduler.chm
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_de.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_fa.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_cz.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_chn.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\tutor.chm
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Toolbar\3d_small_3.bmp
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idman.chm
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMan.exe
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\grabber.chm
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\downlWithIDM64.dll
  • %TEMP%\Internet Download Manager Premium v6.15.8 Final (Activated) Full Setup.exe
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IEGetVL2.htm
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_th.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMGetAll64.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\downlWithIDM.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_id.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_de.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_pl.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmcchandler2_64.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_es.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_ar.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmmzcc.xpi
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\tips.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Toolbar\3d_large_3.bmp
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Uninstall.ini
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_fa.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_th.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IEGetAll.htm
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Uninstall.exe
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\template.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IEGetVL.htm
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Download Software Full Version SoftVipDownload.com.url
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Toolbar\3d_largeHot_3.bmp
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMGetAll.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_src.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMIntegrator64.exe
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_fr.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IEMonitor.exe
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_it.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IEExt.htm
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_fr.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmvs.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_ptbr.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_ptbr.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMNetMon.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMShellExt64.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMFType64.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Toolbar\3d_style_3.tbi
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmtdi.inf
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmmkb.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmBroker.exe
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmftype.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmantypeinfo.tlb
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_tr.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_ru.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMGCExt.crx
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\license.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\defexclist.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_nl.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_ru.txt
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_ru.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_es.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMNetMon64.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Toolbar\3d_smallHot_3.bmp
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\IDMShellExt.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_fr.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\inst_de.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\idmcchandler2.dll
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\idm_th.lng
  • %PROGRAMFILES%\S.P.D\Internet Download Manager Premium v6.15.8 Final\Languages\tips_fa.txt

The following files were temporarily written to disk then later removed:

  • %TEMP%\nsu8.tmp
  • %TEMP%\$inst\temp_0.tmp
  • %TEMP%\$inst\7.tmp
  • %TEMP%\$inst\4.tmp
  • %TEMP%\$inst\2.tmp
  • %TEMP%\$inst\8.tmp
  • %TEMP%\$inst\5.tmp

The following registry elements have been created:

  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\COMPRESSED\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\DOCUMENTS\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\MUSIC\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\PROGRAMS\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\VIDEO\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\CHROME\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\0\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FLASHPLAYERPLUGIN_11_6_602_171\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FLASHPLAYERPLUGIN_11_6_602_180\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\IEXPLORE\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\MOZILLA\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\NETSCP\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\OPERA\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\PLUGIN-CONTAINER\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SAFARI\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\0\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MAXID\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MENUEXT\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\
  • HKEY_LOCAL_MACHINE\SOFTWARE\INTERNET DOWNLOAD MANAGER\
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \

The following registry elements have been changed:

  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\BNSHCONFDELUNCDLG = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\BSHBTTFQCI = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\BSHCHRINTTIP1 = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\BSHFF8TIP1 = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\BSHTIPDD = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\COMMONAPPDATAIDMFOLDER = C:\ProgramData\IDM\
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\CONNECTIONSPEED = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\CONNECTIONTYPE = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DIALUPENTRY
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DUPLLINKSA = 3
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\ENABLEDRIVER = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\EXCEPTIONSERVERS = *.update.microsoft.com download.windowsupdate.com siteseal.thawte.com ecom.cimetz.com *.voice2page.com
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\EXTENSIONS = 3GP 7Z AAC ACE AIF ARJ ASF AVI BIN BZ2 EXE GZ GZIP IMG ISO LZH M4A M4V MKV MOV MP3 MP4 MPA MPE MPEG MPG MSI MSU OGG OGV PDF PLJ PPS PPT QT R0* R1* RA RAR RM RMVB SEA SIT SITX TAR TIF TIFF WAV WMA WMV Z ZIP
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FINDAPPS = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FSPSSETTINGSCHECKED = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FSSETTINGSCHECKED = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FTPPASIVE = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMVERS = v6.15b7 Full
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\INTAOFRWE = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\INTEGRATENN = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\ISSSW_OK = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\LARGEBUTTONS = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\LASTCHECK = 02/23/13
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\LASTINTRES = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\LAUNCHONSTART = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MONITORURLCLIPBOARD = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MZCC_EXT_VERS = 7338
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MZCC_VERS = 61507
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\NDESC7 = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\NDESC8 = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\RADXCNT = 47
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\REMEMBERLASTSAVE = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SHOWTIPONFIRSTCATCH = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SORTORDER = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\TIPFILEPOS = 1618
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\TIPSTARTUP = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\TIPTIMESTAMP = Fri Oct 22 14:25:42 2010
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\TOOLBARSTATE_V5.11 = [binary data]
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\TOOLBARSTYLE = 3D Style
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\TRAYICON = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\USEFTPPROXY = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\USEHTTPPROXY = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\3GP = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\ASF = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\AVI = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\F4V = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\FLV = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\M4A = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\M4V = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\MOV = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\MP3 = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\MP4 = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\MPEG = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\MPG = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\OGG = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\OGV = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\QT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\RM = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\WAV = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\WEBM = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\WMA = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\DWNLPANEL\WMV = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\COMPRESSED\FORSITEONLY = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\COMPRESSED\ID = 7
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\COMPRESSED\MASK = zip rar r0* r1* arj gz sit sitx sea ace bz2 7z
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\COMPRESSED\REMEMBERLASTPATH = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\COMPRESSED\SITES
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\DOCUMENTS\FORSITEONLY = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\DOCUMENTS\ID = 5
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\DOCUMENTS\MASK = doc pdf ppt pps
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\DOCUMENTS\REMEMBERLASTPATH = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\DOCUMENTS\SITES
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\MUSIC\FORSITEONLY = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\MUSIC\ID = 2
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\MUSIC\MASK = mp3 wav wma mpa ram ra aac aif m4a
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\MUSIC\REMEMBERLASTPATH = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\MUSIC\SITES
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\PROGRAMS\FORSITEONLY = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\PROGRAMS\ID = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\PROGRAMS\MASK = exe msi
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\PROGRAMS\REMEMBERLASTPATH = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\PROGRAMS\SITES
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\VIDEO\FORSITEONLY = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\VIDEO\ID = 3
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\VIDEO\MASK = avi mpg mpe mpeg asf wmv mov qt rm mp4 flv m4v webm ogv ogg
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\VIDEO\REMEMBERLASTPATH = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\FOLDERSTREE\VIDEO\SITES
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\CHROME\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\CHROME\NAME = Google Chrome
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\FOUND = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\NAME = Mozilla Firefox
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\PANELX = 20
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\PANELY = 4294967285
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\0\BENABLED = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\0\BEXTENSIONINSTALLED = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\0\BPLUGININSTALLED = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\0\EXE = %PROGRAMFILES%\Mozilla Firefox\firefox.exe
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\0\ISEXTENSIONSUPPORTED = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\0\ISFF15 = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FIREFOX\0\VERS = 19.0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FLASHPLAYERPLUGIN_11_6_602_171\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FLASHPLAYERPLUGIN_11_6_602_171\NAME = Adobe Flash Player 11.6 r602
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FLASHPLAYERPLUGIN_11_6_602_180\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\FLASHPLAYERPLUGIN_11_6_602_180\NAME = Adobe Flash Player 11.6 r602
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\IEXPLORE\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\IEXPLORE\NAME = Internet Explorer
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\MOZILLA\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\MOZILLA\NAME = Mozilla
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\NETSCP\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\NETSCP\NAME = Netscape 6 and later
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\OPERA\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\OPERA\NAME = Opera
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\PLUGIN-CONTAINER\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\PLUGIN-CONTAINER\NAME = Plugin Container for Firefox
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SAFARI\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SAFARI\NAME = Apple Safari
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\FOUND = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\INT = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\NAME = SeaMonkey
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\0\BENABLED = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\0\BEXTENSIONINSTALLED = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\0\BPLUGININSTALLED = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\0\EXE = %PROGRAMFILES%\SeaMonkey\seamonkey.exe
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\0\ISEXTENSIONSUPPORTED = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\0\ISFF15 = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\IDMBI\SEAMONKEY\0\VERS = 2.15.2
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MAXID\MAXID = 422
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MENUEXT\FFDOWNL1_STR = Download with IDM
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MENUEXT\FFDOWNL10FLV_STR = Choose from 10 last requested FLV videos
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MENUEXT\FFDOWNL10FLVA_STR = Download FLV videos with IDM from 10 last requested
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MENUEXT\FFDOWNLALL_STR = Download all links with IDM
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MENUEXT\FFDOWNLFLV_STR = Download last requested FLV video
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MENUEXT\FFDOWNLFLVA_STR = Download last requested FLV video with IDM
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MENUEXT\FFDOWNLPPFLV_STR = Download FLV video with IDM
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MENUEXT\IEDOWNL1_STR = Download with IDM
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\MENUEXT\IEDOWNLALL_STR = Download all links with IDM
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\ALTF = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\ALTP = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\CHECKMOUSE = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\CTRLF = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\CTRLP = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\INSF = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\SHIFTF = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\SHIFTP = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\SKIPHTML = 1
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\USEKEYTOFORCE = 0
  • HKEY_CURRENT_USER\SOFTWARE\DOWNLOADMANAGER\SPECIALKEYS\USEKEYTOPREVENT = 1
  • HKEY_LOCAL_MACHINE\SOFTWARE\INTERNET DOWNLOAD MANAGER\ADVINTDRIVERENABLED2 = 1
  • HKEY_LOCAL_MACHINE\SOFTWARE\INTERNET DOWNLOAD MANAGER\EMAIL = test@[Domain Removed]
  • HKEY_LOCAL_MACHINE\SOFTWARE\INTERNET DOWNLOAD MANAGER\FNAME = By
  • HKEY_LOCAL_MACHINE\SOFTWARE\INTERNET DOWNLOAD MANAGER\INSTALLSTATUS = 3
  • HKEY_LOCAL_MACHINE\SOFTWARE\INTERNET DOWNLOAD MANAGER\LNAME = - KeyGenPremium.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\INTERNET DOWNLOAD MANAGER\SERIAL = 12345-67890-09876-54321
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \DISPLAYICON = %PROGRAMFILES%\S.P.D.\Internet Download Manager Premium v6.15.8 Final\Uninstall.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \DISPLAYNAME = Internet Download Manager Premium v6.15.8 Final (Activated) Full
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \DISPLAYVERSION = (Activated) Full
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \ESTIMATEDSIZE = 10355
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \HELPLINK = mailto:support@[Domain Removed]
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \INSTALLDATE = 20121114
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \INSTALLLOCATION = %PROGRAMFILES%\S.P.D.\Internet Download Manager Premium v6.15.8 Final\
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \INSTALLSOURCE = %TEMP%\
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \LANGUAGE = 1033
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \NOMODIFY = 1
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \NOREPAIR = 1
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \PUBLISHER = S.P.D.
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \UNINSTALLSTRING = %PROGRAMFILES%\S.P.D.\Internet Download Manager Premium v6.15.8 Final\Uninstall.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \URLINFOABOUT = http://www.Company.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \VERSIONMAJOR = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNET DOWNLOAD MANAGER PREMIUM V6.15.8 FINAL (ACTIVATED) \VERSIONMINOR = 0

Symptoms

The symptoms of this detection are the files, registry entries, and network communication referenced in the Characteristics section.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

Removal

All Users:

Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

1. Disable System Restore.

2. Update to the current engine and DAT files for detection and removal.

3. Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

1. Please go to the Microsoft Recovery Console and restore a clean MBR.

On Windows XP:

Insert the Windows XP CD into the CD-ROM drive and restart the computer.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
Select the Windows installation that is compromised and provide the administrator password.
Issue the 'fixmbr' command to restore the Master Boot Record.
Follow the onscreen instructions.
Reset and remove the CD from the CD-ROM drive.


On Windows Vista and 7:

Insert the Windows CD into the CD-ROM drive and restart the computer.
Click on "Repair Your Computer".
When the System Recovery Options dialog comes up, choose the Command Prompt.
Issue the 'bootrec /fixmbr' command to restore the Master Boot Record.
Follow the onscreen instructions.
Reset and remove the CD from the CD-ROM drive.

Variants