Home / malware Backdoor:Win32/Esforsho.B
First posted on 17 December 2013.
Source: MicrosoftAliases :
There are no other names known for Backdoor:Win32/Esforsho.B.
Explanation :
Threat behavior Backdoor:Win32/Esforsho.B is a trojan that allows unauthorized access and control of an affected computer.
Installation
Backdoor:Win32/Esforsho.B creates the following files on your computer:
- %programfiles%\common files\microsoft shared\mssign16.dll - detected as Backdoor:Win32/Esforsho.A
- c:\documents and settings\administrator\local settings\temp\~tme.tmp - detected as Backdoor:Win32/Esforsho.B
- c:\documents and settings\administrator\local settings\temp\wer52a2.dir00\svchost.exe.mdmp
Payload
Allows backdoor access and control
Backdoor:Win32/Esforsho.B allows unauthorized access and control of your PC. A hacker can perform a number of different actions, including:
- Downloading and runnning files
- Uploading files
- Spreading to other computers
- Logging your keystrokes or stealing your sensitive data
- Modifying your system settings
- Running or terminating applications
- Deleting files
This malware description was produced and published using our automated analysis system's examination of file SHA1 4422ae9123635094f448c3e23bc52e42ca939806.Symptoms
System changes
The following could indicate that you have this threat on your PC:
- The presence of the following files:
%programfiles%\common files\microsoft shared\mssign16.dll
c:\documents and settings\administrator\local settings\temp\~tme.tmp
c:\documents and settings\administrator\local settings\temp\wer52a2.dir00\svchost.exe.mdmpLast update 17 December 2013
