What does Win32.Backdoor.Beasty do?

Backdoor.Beastdoor embeds itself into explorer.exe and iexplore.exe, so it can run without the user noticing. This trojan behaves as a backdoor that can be configured to disable firewalls and AV applications. Once run, it allows an attacker to gain access to and control over the infected machine. It is also capable of sending notifications to the attacker via email and ICQ.

When Backdoor.Beasty.E is executed, it does the following:

  1. Copies itself as these files:
    • %Windows%\Svchost.exe
    • %System%\Wbem\Wb.com
    • %System%\Com\Mscom32.com
  2. Creates the registry key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{45DD0432-AA51-31EF-EEFA-06AA12E6115C}\StubPath = %System%\wbem\wb.com
  3. Adds the value:
    COM Service %System%\COM\mscom32.com
    to the registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  4. May add the value shell32.pif to the following registry keys:
    HKEY_CLASSES_ROOT\comfile\shell\open\command
    HKEY_CLASSES_ROOT\exefile\shell\open\command
    HKEY_CLASSES_ROOT\piffile\shell\open\command
    so that the Trojan is executed each time you execute a .com, .exe, or .pif file.
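The four persistence artefacts listed above can be checked for from a defender's side with a read-only PowerShell script. The script below is an added example, not code from the original page or from any AV vendor; the file paths and registry keys are the ones listed above, while the function name, the assumption that %System% expands to System32, and the assumption that the shell32.pif entry lands in the key's default (command) string are mine.

```powershell
# Added example: read-only check for the Beasty persistence indicators listed on this page.
# Assumptions (not stated on the page): %Windows% = $env:windir, %System% = $env:windir\System32,
# and the shell32.pif entry from step 4 appears in the key's default command string.
function Test-BeastyIndicators {
    [CmdletBinding()]
    param()

    $hits = @()

    # Step 1: dropped copies of the trojan
    $files = @(
        (Join-Path $env:windir 'Svchost.exe'),
        (Join-Path $env:windir 'System32\Wbem\Wb.com'),
        (Join-Path $env:windir 'System32\Com\Mscom32.com')
    )
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) { $hits += "File present: $f" }
    }

    # Step 2: Active Setup Installed Components key with a StubPath value
    $asKey = 'HKLM:\Software\Microsoft\Active Setup\Installed Components\{45DD0432-AA51-31EF-EEFA-06AA12E6115C}'
    if (Test-Path -LiteralPath $asKey) {
        $stub = (Get-ItemProperty -LiteralPath $asKey -ErrorAction SilentlyContinue).StubPath
        $hits += "Active Setup key present (StubPath = '$stub')"
    }

    # Step 3: "COM Service" value under the Explorer policies key in HKCU
    $polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $pol = Get-ItemProperty -LiteralPath $polKey -ErrorAction SilentlyContinue
    if ($pol -and $pol.PSObject.Properties['COM Service']) {
        $hits += "Policies\Explorer value 'COM Service' = '$($pol.'COM Service')'"
    }

    # Step 4: shell\open\command handlers for .com/.exe/.pif pointing at shell32.pif
    foreach ($ext in 'comfile', 'exefile', 'piffile') {
        $cmdKey = "Registry::HKEY_CLASSES_ROOT\$ext\shell\open\command"
        $default = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if ($default -and $default -match 'shell32\.pif') {
            $hits += "$ext open command hijacked: $default"
        }
    }

    return $hits
}

# Usage: run in an elevated PowerShell session so HKLM and %System% are readable.
$findings = @(Test-BeastyIndicators)
if ($findings.Count -eq 0) {
    'No Beasty persistence indicators found.'
} else {
    $findings
}
```

The script only reads the file system and registry; it makes no changes, so it is safe to run on a suspect host before deciding on remediation. The step 4 check matters most: if the exefile handler is hijacked, launching any .exe (including removal tools) re-executes the trojan, so that key should be repaired first.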

Other Names of Win32.Backdoor.Beasty

  • Backdoor.Beastdoor.HF [PCTools]
  • Backdoor.Beasty.G [Symantec]
  • Backdoor.Win32.Beastdoor.av [Kaspersky Lab]
  • BackDoor-AMQ [McAfee]
  • BKDR_BEASTDOOR.D [Trend Micro]

Recommendation:

If you have found any trace of Win32.Backdoor.Beasty on your system, we suggest you take immediate steps for its detection and removal.
