
Backdoor.Win32.Bredolab.obk

Posted: August 17, 2011

Backdoor.Win32.Bredolab.obk is a backdoor Trojan that attempts to assist criminals in controlling any computers that Backdoor.Win32.Bredolab.obk infects. Although Backdoor.Win32.Bredolab.obk is a relatively new Trojan threat, SpywareRemove.com malware experts have found that some anti-malware programs may detect Backdoor.Win32.Bredolab.obk heuristically, due to the common code obfuscation techniques that Backdoor.Win32.Bredolab.obk uses. Nonetheless, updating your anti-malware software to protect your PC from Backdoor.Win32.Bredolab.obk attacks is highly advisable. Once on your PC, Backdoor.Win32.Bredolab.obk will launch and maintain itself automatically while allowing criminals to force your PC to participate in DDoS attacks and other crimes. As such, SpywareRemove.com malware experts rate this Trojan as a serious violation of both security and privacy until you've removed Backdoor.Win32.Bredolab.obk with appropriate security software.

How Backdoor.Win32.Bredolab.obk Skirts Around Your PC Security

Backdoor.Win32.Bredolab.obk is a Visual Basic-based Trojan that uses standard loader techniques to avoid being detected; as such, Backdoor.Win32.Bredolab.obk is also identified by the heuristic alias of VirTool:Win32/VBInject.gen!ET. The use of such loaders allows Backdoor.Win32.Bredolab.obk to avoid being detected by specialized security software and may also allow Backdoor.Win32.Bredolab.obk to recover from partial deletions (if your software deletes Backdoor.Win32.Bredolab.obk's loader but not its primary code, or vice versa).

SpywareRemove.com malware researchers have found that Backdoor.Win32.Bredolab.obk outbreaks have occurred as late as August of 2011, and updates for your anti-malware programs may be the only thing that stands between your PC and a Backdoor.Win32.Bredolab.obk attack. Since the majority of Backdoor.Win32.Bredolab.obk's behavior relies on Registry changes and equally stealthy techniques, you may not be able to tell that Backdoor.Win32.Bredolab.obk is on your PC at all, save for watching for minor symptoms like changed firewall or network settings.

The Perils That Backdoor.Win32.Bredolab.obk Can Unleash at Its Leisure

Like many other backdoor Trojans, such as Trojan.Win32.Patched.mf, Backdoor:Win32/Smadow, Trojan.Win32.Riern or Trojan Downloader.mb, Backdoor.Win32.Bredolab.obk can be configured to cause a variety of attacks. Probable Backdoor.Win32.Bredolab.obk behavior includes the following:

  • Backdoor.Win32.Bredolab.obk can lower your network security to make your PC vulnerable to other attacks, including potential remote control by criminals. Exceptions added to your firewall and opened ports are two of the most common signs of such security assaults.
  • Backdoor.Win32.Bredolab.obk may download other forms of malicious software, such as rogue security programs, keyloggers or other spyware, ransomware Trojans, dropper Trojans, viruses or worms. These installations may or may not be particularly visible; highly-visible malicious programs include such modern examples as Protection Shield Pro and Windows System Manager, while less-visible ones such as Zeus Keylogger or Worm.Win32.VBKrypt.m are equally likely to be installed.

SpywareRemove.com malware analysts have found that Backdoor.Win32.Bredolab.obk makes significant Registry modifications, including the addition of an automatic startup entry that launches Backdoor.Win32.Bredolab.obk whenever Windows starts to load. Although Safe Mode or booting from another source (such as a USB drive) can stop Backdoor.Win32.Bredolab.obk from launching, the best way to be permanently rid of Backdoor.Win32.Bredolab.obk is to use appropriate anti-malware software to delete Backdoor.Win32.Bredolab.obk and related infections.

Technical Details

File System Modifications


The following files were created in the system:

  • %WINDIR%\system32\drivers\PDRV.sys (File type: System file; Mime type: unknown/sys)
  • %WINDIR%\system32\swe.dll (File type: Dynamic link library; Mime type: unknown/dll)
  • %WINDIR%\system32\drivers\mas.sys (File type: System file; Mime type: unknown/sys)
  • %WINDIR%\system32\mas.dll (File type: Dynamic link library; Mime type: unknown/dll)

Registry Modifications

The following Registry keys were newly created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4621BB1A-72FD-92DE-4A6D-E117352057B1}
  • HKEY_CURRENT_USER\Software\Bifrost
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
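A read-only triage check for the files and Registry keys listed in this write-up, together with a look at common autostart locations for the startup entry the text mentions, as an added PowerShell example (not SpywareRemove.com's own tool). It assumes the artifact paths above are the ones to check and that the Active Setup component key may carry a StubPath value; the write-up does not say which key holds the startup entry.

```powershell
# Added example (not SpywareRemove.com code): read-only triage for the artifacts
# this write-up lists. It reports presence and file hashes; it deletes nothing.
$files = @(
    "$env:WINDIR\system32\drivers\PDRV.sys",
    "$env:WINDIR\system32\swe.dll",
    "$env:WINDIR\system32\drivers\mas.sys",
    "$env:WINDIR\system32\mas.dll"
)
$activeSetup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{4621BB1A-72FD-92DE-4A6D-E117352057B1}'
$regKeys = @(
    'HKLM:\SOFTWARE\Bifrost',
    'HKCU:\Software\Bifrost',
    'HKLM:\SYSTEM\ControlSet001\Control\MediaResources\msvideo',
    'HKLM:\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo',
    $activeSetup
)
$findings = New-Object System.Collections.Generic.List[object]

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        $findings.Add([pscustomobject]@{ Type = 'File'; Path = $f; Detail = "sha256=$hash" })
    }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) {
        $findings.Add([pscustomobject]@{ Type = 'RegKey'; Path = $k; Detail = 'present' })
    }
}
# Active Setup components run their StubPath once per user at logon, so this key is a
# plausible home for the automatic startup entry the write-up mentions (assumption:
# the page does not name the key). Surface StubPath for review if it is set.
if (Test-Path -LiteralPath $activeSetup) {
    $stub = (Get-ItemProperty -LiteralPath $activeSetup).StubPath
    if ($stub) { $findings.Add([pscustomobject]@{ Type = 'Autostart'; Path = "$activeSetup\StubPath"; Detail = $stub }) }
}
# Also scan the standard Run keys for values that reference the listed file names.
foreach ($rk in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path -LiteralPath $rk)) { continue }
    foreach ($p in (Get-ItemProperty -LiteralPath $rk).PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match 'PDRV\.sys|swe\.dll|mas\.sys|mas\.dll') {
            $findings.Add([pscustomobject]@{ Type = 'Autostart'; Path = "$rk\$($p.Name)"; Detail = $p.Value })
        }
    }
}
if ($findings.Count -eq 0) { 'No listed Backdoor.Win32.Bredolab.obk artifacts found.' }
else { $findings | Format-Table -AutoSize }
```

Run it from an elevated prompt so the HKLM keys and the drivers directory are readable; a hit on any line is a reason to let updated anti-malware software handle removal rather than deleting files by hand.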