DBdoor

Posted: March 28, 2006

DBdoor is a nasty keylogger that tracks the user's local and Internet activity, logs all keystrokes and mouse clicks, takes screenshots, captures all outgoing and received e-mail messages, and records passwords. It then sends the gathered data to a predefined e-mail address. DBdoor modifies the computer's configuration to hide its presence and activity, and launches automatically on every Windows startup.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 bidbfn.exe
    2 d6ixjee.sys
    3 libeay32.dll
    4 ssleay32.dll
    5 systen.dll

Registry Modifications

  • The following Registry values were newly created:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRecentDocs=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchHidden=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Runidbfn.exe