Home Malware Programs Backdoors Backdoor.Lokidok

Backdoor.Lokidok

Posted: April 3, 2014

Threat Metric

Ranking: 9,632
Threat Level: 1/10
Infected PCs: 1,365
First Seen: April 3, 2014
Last Seen: October 8, 2023
OS(es) Affected: Windows


Backdoor.Lokidok is a Trojan that may open a back door on the affected computer system. When Backdoor.Lokidok is executed, it creates the potentially malicious files. Backdoor.Lokidok modifies the registry entries. Backdoor.Lokidok may then carry out the potentially malicious actions such as monitor the network for specially crafted ICMP packets, decrypt data from ICMP packets and use it as a parameter for running %System%\cmd.exe and encrypt data and transfer it to the IP address that sent the ICMP packets.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%System%\scardsrv.exe File name: %System%\scardsrv.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%System%\cvpnd.exe File name: %System%\cvpnd.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\Parameters\"ServiceDll" = "[THREAT FILE PATH]"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\irmon\Parameters\"ServiceDll" = "[THREAT FILE PATH]"

Additional Information

The following URL's were detected:
quickusermanuals.com
Loading...