Home / malware Backdoor:Win32/Leenstic.C
First posted on 22 July 2014.
Source: MicrosoftAliases :
There are no other names known for Backdoor:Win32/Leenstic.C.
Explanation :
Threat behavior
Installation
Backdoor:Win32/Leenstic.C copies itself to c:\documents and settings\administrator\application data\226237.exe. The malware changes the following registry entries so that it runs each time you start your PC:
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "InstallShield Update Service"
With data: "c:\documents and settings\administrator\application data\226237.exe"
Payload
Allows backdoor access and control
Backdoor:Win32/Leenstic.C gives a hacker access and control of your PC. They can then perform a number of different actions, including:
- Downloading and running files
- Uploading files
- Spreading malware to other PCs
- Logging your keystrokes or stealing your sensitive data
- Modifying your system settings
- Running or stopping applications
- Deleting files
This malware description was produced and published using automated analysis of file SHA1 cae5570000de5b76a8208f56ed947ac7709c0cbe.Symptoms
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\application data\226237.exe
- You see these entries or keys in your registry:
Sets value: "InstallShield Update Service"
With data: "c:\documents and settings\administrator\application data\226237.exe"
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunLast update 22 July 2014
