
Backdoor:Win32/Optixpro.T


First posted on 05 September 2019.
Source: Microsoft

Aliases :

There are no other names known for Backdoor:Win32/Optixpro.T.

Explanation :

Win32/Optixpro.T can take the following actions, many of which are configurable by the attacker:

- Copy itself to a location specified in a configuration section of the Trojan file.
- Disable security-related and other programs.
- Display false error messages.
- Run programs that it downloads from a Web site.
- Open a backdoor that allows an attacker to:
  - Terminate processes.
  - Run programs remotely.
  - Retrieve system information, passwords, and keystroke logs.
  - Exchange files, scan and redirect ports, and set up an FTP or SOCKS server.
  - Log off the current user and restart, suspend, shut down, or crash (Windows 9x only) the computer.
  - Cause problems with peripherals, such as swapping mouse buttons, flashing keyboard lights, and enabling or disabling the mouse or keyboard.
  - Cause problems with the display, such as showing and hiding windows, drawing text on the screen, and turning the monitor on or off.

Win32/Optixpro.T has other functions that can be configured, such as:

- Startup method. The attacker can use Windows resources such as files, registry settings or Active Setup components to start the Trojan automatically.
- Programs or Windows resources to use, hide, modify, or terminate. For instance, the Trojan can modify the registry so that the Trojan runs each time an executable file runs. The Trojan can also drop a rootkit to hide files and registry keys.
- Methods of exchanging data. For example, the attacker can specify the port and password for the backdoor. The attacker can also specify the way to be notified that a computer has been infected, such as through ICQ, IRC, e-mail, MSN Messenger, or a Web site.

Last update 05 September 2019

 
