Home / malware

PDF

Backdoor:Win32/Fynloski.M

First posted on 23 May 2014.
Source: Microsoft

Aliases :

There are no other names known for Backdoor:Win32/Fynloski.M.

Explanation :

Threat behavior

Installation

Backdoor:Win32/Fynloski.M copies itself to c:\documents and settings\administrator\my documents\msdcsc\msdcsc.exe. The malware changes the following registry entries so that it runs each time you start your PC:

Sets value: "Userinit"
With data: "c:\windows\system32\userinit.exe,c:\documents and settings\administrator\my documents\msdcsc\msdcsc.exe"
In subkey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon The malware uses code injection to make it harder to detect and remove. It can inject code into running processes, including the following:

• notepad.exe

Payload

Allows backdoor access and control

Backdoor:Win32/Fynloski.M gives a malicious hacker access and control of your PC. They can then perform a number of different actions, including:

• Downloading and running files
• Uploading files
• Spreading malware to other PCs
• Logging your keystrokes or stealing your sensitive data
• Modifying your system settings
• Running or stopping applications
• Deleting files

This malware description was produced and published using automated analysis of file SHA1 b420f2e42a30c8a1f0b95d7655bb94e52f7f34cd.Symptoms

System changes

The following could indicate that you have this threat on your PC:

• You have these files:
  
  c:\documents and settings\administrator\my documents\msdcsc\msdcsc.exe

• You see these entries or keys in your registry:
  
  Sets value: "Userinit"
  With data: "c:\windows\system32\userinit.exe,c:\documents and settings\administrator\my documents\msdcsc\msdcsc.exe"
  In subkey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Last update 23 May 2014

 

TOP