
Backdoor.win32.scrab.p

Posted: August 22, 2011

Backdoor.win32.scrab.p is both a potentially legitimate threat to your computer's security and a fake alert that's used by Trojans that install rogue security programs. Because the nature of a Backdoor.win32.scrab.p attack can vary so widely, you should try to use real security software to determine which type of Backdoor.win32.scrab.p infection is on your PC, although fake Backdoor.win32.scrab.p alerts are also associated with attacks that disable security software. SpywareRemove.com malware analysts have found that a genuine Backdoor.win32.scrab.p is a backdoor Trojan that will reduce your PC security to smoking ruins so that criminals can control your computer, while a fake Backdoor.win32.scrab.p alert only exists to make you panic and install scamware. To regain access to your security programs and remove the Backdoor.win32.scrab.p threat from your computer, you can use standard malware-disabling strategies (such as Safe Mode) along with an anti-malware scanner that's powerful enough to avoid typical backdoor Trojan attacks.

A Real Backdoor.win32.scrab.p for a Real PC Security Danger

Although many modern Backdoor.win32.scrab.p attacks are fake, the possibility of any Backdoor.win32.scrab.p infection being a real one is very genuine. SpywareRemove.com malware researchers first found reports of real Backdoor.win32.scrab.p Trojans in 2009. Since then, there have been Backdoor.win32.scrab.p updates and variants; therefore, it is necessary to have security software that's been updated since that point in time.

Actual Backdoor.win32.scrab.p attacks may occur after you've installed software from a suspicious source, such as a P2P network, or after you've visited a website that uses drive-by-download scripts that install Trojans and other types of malicious software. Standard dangers that are associated with Backdoor.win32.scrab.p and similar backdoor Trojans include:

  • Reduced security settings. SpywareRemove.com malware researchers have found that, by far, the most common setting changes are newly opened network ports and program exceptions added to your firewall; both of these alterations let Backdoor.win32.scrab.p make contact with remote hackers without your permission.
  • Blocked security programs, including anti-virus scanners, baseline Windows utilities and general system diagnostic and maintenance programs.
  • The presence of unusual files, folders, memory processes or programs. Backdoor.win32.scrab.p may be instructed to install other types of hostile software onto your PC; this can extend to spyware, RATs, worms, viruses or rogue security programs.

Although Backdoor.win32.scrab.p is a relatively old backdoor Trojan, Backdoor.win32.scrab.p should still be considered potentially as dangerous as Backdoor.Win32.DsBot.bvp, Backdoor.Win32.Bredolab.obk, Backdoor:Win32/Smadow or BackDoor.Fiber. SpywareRemove.com malware researchers recommend utilizing an anti-malware program to remove Backdoor.win32.scrab.p, since symptoms of a Backdoor.win32.scrab.p infection aren't likely to be significant and it can be difficult to locate all Backdoor.win32.scrab.p components by manual methods.

Genuine Backdoor.win32.scrab.p Trojans are also recognizable by their many aliases, such as Backdoor.Scrab.B, Win32/TrojanDownloader.Bredolab.AO Trojan, Trojan: Generic Dropper.js, Mal/EncPk-KY, BKDR_SCRAB.A, Backdoor.win32.scrab.p, Trojan.Packed.682 and Win32:Preald-AO, among others.

A Fake Backdoor.win32.scrab.p... for a Second Real PC Security Peril

As of August 2011, recent Backdoor.win32.scrab.p attacks that the SpywareRemove.com malware research team has observed tend to consist of false positives that are given out by Trojans that install rogue security programs. These fake Backdoor.win32.scrab.p warnings don't indicate that a real Backdoor.win32.scrab.p Trojan is on your PC; instead, they only exist to terrify you into installing an unknown scamware product that tries to steal credit card information and money.

Symptoms of Trojans that use fake Backdoor.win32.scrab.p warnings include an inability to use popular security-related programs and the presence of fake Backdoor.win32.scrab.p pop-up alerts even in Safe Mode. Trojans such as Fake Microsoft Security Essentials, Zlob and Vundo are all possible culprits of these fake Backdoor.win32.scrab.p attacks.

If you install this rogue security program to try to remove the nonexistent Backdoor.win32.scrab.p infection, browser hijacks, security setting changes, disabled programs, altered file-viewing settings and potentially even a changed wallpaper will all plague your PC. You should try to remove these rogue security programs and the Trojan that creates Backdoor.win32.scrab.p alerts in the same way that you'd remove a real Backdoor.win32.scrab.p Trojan – by resorting to an anti-malware program once you've used standard anti-malware tactics to disable these attacks as much as possible.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



  • File name: %temp%\<RANDOM CHARACTERS>.dll
    File type: Dynamic link library
    Mime Type: unknown/dll
  • File name: C:\Documents and Settings\<username>\application data\<RANDOM CHARACTERS>.exe
    File type: Executable File
    Mime Type: unknown/exe

Registry Modifications

The following Registry values were newly created:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Startup = "C:\windows\start menu\programs\startup"
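
A triage sketch for the file and registry indicators listed above, as an added example that is not from SpywareRemove.com: because the file names are random, it matches on location and extension only. The function names, the sample paths and the user "alice" are constructed, and treating a Startup value that points outside the user's profile as suspicious is an assumption of this example.

```python
import ntpath  # Windows path rules on any OS, so an exported listing can be checked offline


def _norm(path):
    """Lower-case, unify slashes and drop quotes/trailing separators of a Windows path."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def flag_dropped_files(paths, temp_dir, appdata_dir):
    """Return (path, reason) for files sitting directly in the two drop locations."""
    watch = {
        _norm(temp_dir): (".dll", "DLL directly in temp directory"),
        _norm(appdata_dir): (".exe", "EXE directly in Application Data root"),
    }
    hits = []
    for p in paths:
        parent, name = ntpath.split(_norm(p))
        rule = watch.get(parent)  # subfolders are deliberately not matched
        if rule and ntpath.splitext(name)[1] == rule[0]:
            hits.append((p, rule[1]))
    return hits


def startup_value_suspicious(value, user_profile):
    """True when the Shell Folders 'Startup' value points outside the user's profile
    (heuristic assumed by this example, not a rule stated on the page)."""
    v, prof = _norm(value), _norm(user_profile)
    return not (v == prof or v.startswith(prof + "\\"))


# Constructed sample data: a file listing exported from a hypothetical Windows XP host.
PROFILE = r"C:\Documents and Settings\alice"
TEMP = PROFILE + r"\Local Settings\Temp"
APPDATA = PROFILE + r"\Application Data"
SAMPLE_PATHS = [
    TEMP + r"\kq3vzx.dll",                    # flagged: random-looking DLL in temp
    TEMP + r"\setup\helper.dll",              # not flagged: inside a subfolder
    APPDATA + r"\wmtrq.exe",                  # flagged: EXE in Application Data root
    "C:/Documents and Settings/alice/Application Data/Vendor/app.exe",
    r"C:\WINDOWS\system32\kernel32.dll",
]

if __name__ == "__main__":
    for path, reason in flag_dropped_files(SAMPLE_PATHS, TEMP, APPDATA):
        print(reason, "->", path)
    # The Startup value exactly as the page lists it (mixed slashes included).
    print(startup_value_suspicious(r'"C:\windows/start menu/programs\startup"', PROFILE))
```

Legitimate installers also unpack DLLs into the temp directory, so a hit is a lead to hand to the anti-malware scan rather than a verdict.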