Home Malware Programs Backdoors BKDR_INJECT.EVL

BKDR_INJECT.EVL

Posted: May 9, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 66
First Seen: May 9, 2012
OS(es) Affected: Windows

BKDR_INJECT.EVL is a backdoor Trojan that is delivered by cybercriminals or other malware infections via spam email attachments. The deceptive email message fools affected PC users into opening and running a malicious attachment file. BKDR_INJECT.EVL connects to a certain web page to send and receive information. BKDR_INJECT.EVL injects its DLL component to the svchost.exe process. BKDR_INJECT.EVL adds the 'allthesam' mutex to assure that only one of its copies initiates at any time. BKDR_INJECT.EVL registers itself as a system service so that it can run automatically every time you start your PC by adding the specific registry entries.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%System%\svc32ex.dll File name: %System%\svc32ex.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\6to4\Parameters ServiceDll = %System%\svc32ex.dllHKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4
Loading...