
Backdoor.Emdivi


First posted on 18 October 2014.
Source: Symantec

Aliases:

There are no other names known for Backdoor.Emdivi.

Explanation:

The Trojan may arrive through an email attachment.

When the Trojan is executed, it creates the following files:

%Temp%\kptl.doc
%Temp%\leassnp.exe

Next, the Trojan creates the following file so that it runs every time Windows starts:

%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\leassnp.lnk

The Trojan may then perform the following actions:

Connect to remote locations
Open a back door

Last update 18 October 2014

 
