
System Infected: Backdoor.Emdivi Activity 4

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects activity of Backdoor.Emdivi.

Additional Information

The Trojan may arrive through an email attachment.

When the Trojan is executed, it creates the following files:
  • %Temp%\kptl.doc
  • %Temp%\leassnp.exe

Next, the Trojan creates the following file so that it runs every time Windows starts:
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\leassnp.lnk

The Trojan may then perform the following actions:
  • Connect to remote locations
  • Open a back door
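
The file artifacts listed above can be swept for on a host with a short script. The following is an added example, not part of the original advisory: the file names come from the advisory, while the per-profile Temp enumeration, the check of the current all-users Startup folder, and the output fields are assumptions of this example.

```powershell
# Added example: sweep one host for the file artifacts named in this advisory.
# Assumes Windows PowerShell 4.0+ and rights to read other users' profiles.
$dropped  = 'kptl.doc', 'leassnp.exe'   # file names from the advisory
$shortcut = 'leassnp.lnk'               # startup shortcut name from the advisory

# %Temp% is per-user: check every profile's Temp directory, not only the caller's.
$tempDirs = @($env:TEMP, "$env:SystemRoot\Temp")
foreach ($root in "$env:SystemDrive\Users", "$env:SystemDrive\Documents and Settings") {
    Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $tempDirs += Join-Path $_.FullName 'AppData\Local\Temp'   # Vista and later
            $tempDirs += Join-Path $_.FullName 'Local Settings\Temp'  # XP / Server 2003
        }
}

# All-users Startup folder: the legacy path from the advisory and the current location.
$startupDirs = @(
    "$env:SystemDrive\Documents and Settings\All Users\Start Menu\Programs\Startup",
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ }

$candidates  = foreach ($d in $tempDirs)    { foreach ($n in $dropped) { Join-Path $d $n } }
$candidates += foreach ($d in $startupDirs) { Join-Path $d $shortcut }

$wsh = New-Object -ComObject WScript.Shell   # used only to read shortcut targets
$findings = $candidates | Sort-Object -Unique |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
    ForEach-Object {
        $item = Get-Item -LiteralPath $_ -Force
        [pscustomobject]@{
            Path     = $item.FullName
            Modified = $item.LastWriteTimeUtc
            SHA256   = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
            # For the .lnk, record what it launches so it can be triaged.
            Target   = if ($item.Extension -eq '.lnk') { $wsh.CreateShortcut($item.FullName).TargetPath }
        }
    }

if ($findings) { $findings | Format-List } else { 'No advisory artifacts found on this host.' }
```

A match on file name alone is a lead for triage rather than a confirmation; the recorded hash and shortcut target give the analyst something to compare against the vendor's detection.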

Affected

  • Windows