Undetected Trojan With Keylogger And Backdoor Abilities

Hello,


BitDefender doesn't stop the installation of all files. Once installed, there was an attempt to contact an IP address in China. I could verify it by taking a look in the BitDefender firewall log file. Most of the files are dropped in the system32 folder. It loads a module called kbass1p.dll into the explorer.exe process. It also installs drivers, which makes explorer.exe crash or causes a runtime error.


Thanks in advance.


Best regards


Niels

Attachment: sample.rar

Comments

  • Hello

    If you have any problems with deleting the file with the antivirus, you can delete it manually: %windows\explorer, delete that folder. It is not the original explorer.exe folder. It is a new folder created by the keylogger.

  • Hello Boris_N.Vasilev,


    It isn't that easy. That file is loaded into the legit explorer.exe process; if you delete that, you will damage your Windows installation. There wasn't any folder made in the system32 directory. BitDefender now detects it, since yesterday. Also, the keylogger drivers are hidden; you can't see them even when you check in folder options to see hidden files and folders.


    Best regards


    Niels