Backdoor.Formador


Risk Level 1: Very Low

December 10, 2003
December 11, 2003 3:25:55 PM
Also Known As:
Downloader-DP [McAfee], Perlovga [McAfee], Backdoor.Trojan.Client [Symantec], Backdoor.Formador.c [Kaspersky]
Systems Affected:
Backdoor.Formador is a back door server program that allows a remote attacker to perform various actions on a compromised computer. The Trojan can be received as any file name that the attacker chooses. When it is executed, it creates a copy of itself in the Windows System directory using the file name it was received as.

It then creates the following registry entry so that it is launched every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[TROJAN FILE NAME] = "%System%\[TROJAN FILE NAME].exe"

The back door then contacts a predefined HTTP server and requests a list of commands. Through these commands, the remote attacker can perform actions including the following:
  • Reconfigure the back door
  • Send system information using an HTTP POST request
  • Modify the registry
  • Delete files
  • Download and execute arbitrary code
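
The Run-key entry described above has a recognizable shape: the value name matches the name of an executable sitting directly in the Windows System directory. The following triage script is an added example, not part of the original write-up; it parses saved `reg query` output and lists values with that shape for manual review. The sample data, function names and the accepted System directory spellings are assumptions made for illustration, and a match is a candidate to inspect, not a verdict.

```python
import ntpath
import re

# Constructed sample of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`
# output; every value below is invented for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" -minimized
    AudioHelper    REG_EXPAND_SZ    %SystemRoot%\system32\audsvc.exe
    invoice    REG_SZ    C:\WINDOWS\system32\invoice.exe
    Holiday Photos    REG_SZ    "C:\WINNT\System32\holiday photos.exe"
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Assumed spellings of the System directory (what the write-up calls %System%).
SYSTEM_DIR_RE = re.compile(
    r"^(?:[a-z]:\\(?:windows|winnt)|%systemroot%|%windir%)\\system(?:32)?$", re.I)

def parse_run_values(text):
    """Yield (name, data) for each value line of `reg query` output."""
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            yield m.group("name"), m.group("data").strip()

def image_path(data):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", data)
    return m.group(1) if m else data

def stem(name):
    """Lower-case a name and drop one trailing .exe plus stray whitespace."""
    return re.sub(r"(?i)\.exe$", "", name.strip()).strip().lower()

def suspicious_run_values(text):
    """Return Run values named after an .exe located directly in the System directory."""
    hits = []
    for name, data in parse_run_values(text):
        path = image_path(data)
        directory, filename = ntpath.split(path)
        if SYSTEM_DIR_RE.match(directory) and stem(filename) == stem(name):
            hits.append((name, path))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_run_values(SAMPLE):
        print(f"review: {name!r} -> {path}")
```
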