BKDR_PROTUX.BD
Overview

Malware type: Backdoor

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Threat Diagram shown below.

BKDR_PROTUX.BD Behavior Diagram

Malware Overview

This backdoor may be dropped by the following malware:

It creates a temporary copy of itself as %UserTemp%\~~ and deletes that copy afterwards. It also creates the following empty files in %UserTemp% and attempts to execute them:

  • ~1.tmp
  • Adobe.pdf

It also attempts to connect to the following IP address:

  • {BLOCKED}.{BLOCKED}.165.42

It terminates processes that contain any of the following strings, if found running in memory:

  • AcroRd32.exe

It runs on Windows 98, ME, NT, 2000, XP, and Server 2003.
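The file and process behaviour listed above can be turned into a host-based check. The following is an added example, not Trend Micro's code: it walks a constructed, Sysmon-like event stream (the field names `type`, `path`, `size` and `image` are assumptions, not a real log schema) and flags only the combination of empty dropped files in the user temp directory and a terminated process whose name contains `AcroRd32.exe`, so that a lone temp file or a normal Reader exit does not alert on its own.

```python
import ntpath

# Constructed sample events (assumption: Sysmon-like shape with the fields
# "type", "path", "size" and "image"; this is not a real log format).
USER_TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"type": "FileCreate", "path": USER_TEMP + r"\~~", "size": 40960},
    {"type": "FileDelete", "path": USER_TEMP + r"\~~"},
    {"type": "FileCreate", "path": USER_TEMP + r"\~1.tmp", "size": 0},
    {"type": "FileCreate", "path": USER_TEMP + r"\Adobe.pdf", "size": 0},
    {"type": "ProcessTerminate",
     "image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe"},
    {"type": "FileCreate", "path": USER_TEMP + r"\report.pdf", "size": 88120},
]

# Names taken from the description: the empty files the backdoor writes in
# %UserTemp% and the string it looks for in running process names.
DROPPED_EMPTY_FILES = {"~1.tmp", "adobe.pdf"}
TERMINATED_PROCESS_SUBSTRINGS = {"acrord32.exe"}


def _in_user_temp(path, user_temp):
    # Case-insensitive directory comparison, as Windows paths are.
    return ntpath.normcase(ntpath.dirname(path)) == ntpath.normcase(user_temp)


def find_indicators(events, user_temp=USER_TEMP):
    """Return the set of behaviour indicators present in the event stream."""
    hits = set()
    for ev in events:
        if ev["type"] == "FileCreate" and ev.get("size") == 0 \
                and _in_user_temp(ev["path"], user_temp):
            name = ntpath.basename(ev["path"]).lower()
            if name in DROPPED_EMPTY_FILES:
                hits.add("empty_temp_drop:" + name)
        elif ev["type"] == "ProcessTerminate":
            name = ntpath.basename(ev["image"]).lower()
            # Substring match, matching the "contains any of the following
            # strings" behaviour in the description.
            if any(s in name for s in TERMINATED_PROCESS_SUBSTRINGS):
                hits.add("killed_pdf_reader:" + name)
    return hits


def matches_protux_bd(events, user_temp=USER_TEMP):
    """Alert only when both the empty drop and the reader kill are observed."""
    hits = find_indicators(events, user_temp)
    return any(h.startswith("empty_temp_drop:") for h in hits) and \
        any(h.startswith("killed_pdf_reader:") for h in hits)
```

The connection to the {BLOCKED} IP address is deliberately left out of the check, since the page masks the value; a real deployment would add the network indicator from its own intelligence feed.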



Description created: Sep. 29, 2009 7:58:28 AM GMT -0800
