Backdoor:Win32/Mdmbot.C
First posted on 07 April 2010.
Source: SecurityHome
Aliases :
Backdoor:Win32/Mdmbot.C is also known as Win-Trojan/Mdmbot.8192 (AhnLab), Backdoor.Mdmbot.B (VirusBuster), Win32/Hydraq.A (CA), Roarur.dll (McAfee), Trojan.Hydraq (Symantec), TROJ_HYDRAQ.H (Trend Micro).
Explanation :
Backdoor:Win32/Mdmbot.C is a DLL file used by Backdoor:Win32/Mdmbot.B to obtain backdoor access to and control of the affected computer.
Backdoor:Win32/Mdmbot.C usually arrives in the computer as:

<system folder>\VedioDriver.dll

Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

This file is used by Backdoor:Win32/Mdmbot.B to obtain backdoor access to and control of the affected computer. Using Mdmbot.C, Mdmbot.B can be used by an attacker to perform a number of different actions, including:

- Deleting itself
- Clearing the system log
- Deleting the file <system folder>\drivers\etc\networks.ics
- Retrieving CPU information from the following registry entry:
  HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0
- Shutting down the affected computer
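A host triage check for the file location and log-clearing behaviour listed above, added here as an example and not taken from the original analysis; the function name Get-MdmbotCTriage and its output fields are assumptions. It also looks in SysWOW64, because on 64-bit Windows a 32-bit process writing to the System folder is redirected there, and it lists Event ID 104 (log cleared) records, which exist on Vista and later only.

```powershell
# Added example: triage for the file and log-clearing behaviour described above.
# Get-MdmbotCTriage and its output fields are hypothetical names, not from the original analysis.
function Get-MdmbotCTriage {
    param(
        # Ask the OS for the Windows directory instead of hard-coding C:\Windows or C:\Winnt.
        [string]$WindowsDir = $env:SystemRoot
    )

    # System32 is the <system folder>; SysWOW64 is where 64-bit Windows redirects
    # System32 writes made by 32-bit (Win32) processes. Run from 64-bit PowerShell
    # so the two paths are not redirected to the same directory.
    $candidates = foreach ($dir in 'System32', 'SysWOW64') {
        Join-Path (Join-Path $WindowsDir $dir) 'VedioDriver.dll'
    }

    $hits = foreach ($path in $candidates) {
        # -Force so hidden/system attributes do not hide the file.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($file) {
            [pscustomobject]@{
                Path       = $file.FullName
                Length     = $file.Length
                CreatedUtc = $file.CreationTimeUtc
                SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
    }

    # Event ID 104 in the System log records that an event log was cleared (Vista and later).
    $clears = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 104 } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message

    [pscustomobject]@{
        FilesFound     = @($hits)
        LogClearEvents = @($clears)
        Suspicious     = [bool]$hits
    }
}

Get-MdmbotCTriage | Format-List
```

A log-clear event on its own is not specific to this threat; treat it as context for a file hit rather than as a detection.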
Analysis by Andrei Florin Saygo
Last update 07 April 2010