Backdoor:Win32/Plugx.K!dha
First posted on 20 January 2015.
Source: Microsoft
Aliases:
There are no other names known for Backdoor:Win32/Plugx.K!dha.
Explanation:
Threat behavior
Installation
Backdoor:Win32/Plugx.K creates the following files on your PC:
- %windir%\assembly\nativeimages_v2.0.50727_32\temp\zap10.tmp\system.addin.contract.dll
- %windir%\assembly\nativeimages_v2.0.50727_32\temp\zape.tmp\microsoft.visualbasic.dll
- %windir%\assembly\nativeimages_v2.0.50727_32\temp\zapf.tmp\system.addin.dll
- c:\documents and settings\all users\drm\rastls\rhwsvhpsxkpyvegd
Payload
Allows backdoor access and control
Backdoor:Win32/Plugx.K gives a hacker access and control of your PC. They can then perform a number of different actions, including:
- Downloading and running files
- Uploading files
- Spreading malware to other PCs
- Logging your keystrokes or stealing your sensitive data
- Modifying your system settings
- Running or stopping applications
- Deleting files
This malware description was produced and published using automated analysis of file SHA1 cd29c4cd11cc04bf8a58f25dfbc977c673eca322.
Symptoms
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap10.tmp\system.addin.contract.dll
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zape.tmp\microsoft.visualbasic.dll
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zapf.tmp\system.addin.dll
c:\documents and settings\all users\drm\rastls\rhwsvhpsxkpyvegd
Last update 20 January 2015