Home / malware Backdoor:Win32/Samdy.A
First posted on 01 October 2014.
Source: MicrosoftAliases :
There are no other names known for Backdoor:Win32/Samdy.A.
Explanation :
Threat behavior Backdoor:Win32/Samdy.A is a trojan that allows unauthorized access and control of an affected computer.
Installation
Backdoor:Win32/Samdy.A creates the following files on your PC:
- c:\documents and settings\administrator\local settings\application data\microsoft\internet explorer\recovery\active\recoverystore.{728f3f08-2e34-11e4-8379-00db7fa2100a}.dat
- c:\documents and settings\administrator\local settings\application data\microsoft\internet explorer\recovery\active\recoverystore.{728f6618-2e34-11e4-8379-00db7fa2100a}.dat
- c:\documents and settings\administrator\local settings\temp\~dfd053.tmp
- c:\documents and settings\administrator\local settings\temp\~dfd056.tmp
Payload
Allows backdoor access and control
Backdoor:Win32/Samdy.A gives a hacker access and control of your PC. They can then perform a number of different actions, including:
- Downloading and running files
- Uploading files
- Spreading malware to other PCs
- Logging your keystrokes or stealing your sensitive data
- Modifying your system settings
- Running or stopping applications
- Deleting files
This malware description was produced and published using automated analysis of file SHA1 fcf93d392cdbcf457843bc75859669aa6a3cdc2e.Symptoms
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\local settings\application data\microsoft\internet explorer\recovery\active\recoverystore.{728f3f08-2e34-11e4-8379-00db7fa2100a}.dat
c:\documents and settings\administrator\local settings\application data\microsoft\internet explorer\recovery\active\recoverystore.{728f6618-2e34-11e4-8379-00db7fa2100a}.dat
c:\documents and settings\administrator\local settings\temp\~dfd053.tmp
c:\documents and settings\administrator\local settings\temp\~dfd056.tmpLast update 01 October 2014
