MSDUBMNAX.CMD is Backdoor Andromeda

May 30, 2012 by NightWatcher
Filed under: Backdoor 
: Solved!

Fix it immediately:

The program MSDUBMNAX.CMD is used for hidden penetration into PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with MSDUBMNAX.CMD.
Download for free: http://www.unhackme.com

Malware Analysis of MSDUBMNAX.CMD
Full path on a computer: C:\Documents and Settings\All Users\Local Settings\Temp\msdubmnax.cmd

Detected by UnHackMe:

Item Name: 12278
Author:
Related File: C:\DOCUME~1\ALLUSE~1\LOCALS~1\TEMP\MSDUBMNAX.CMD
Type: Explorer Run

Removal Results: Success
Number of reboot: 1

MSDUBMNAX.CMD is known as:

Backdoor.Andromeda, Trojan.Tipp, Trojan.ADH, Worm.Gamarue

MSDUBMNAX.CMD hash:

  • MD5: d54c067b972f9ba284bd52d659911b3c
The file tries to download information from some web sites.
How to quickly detect MSDUBMNAX.CMD presence?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\12278: “C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmnax.cmd”
Files:
  • C:\Documents and Settings\All Users\Local Settings\Temp\msdubmnax.cmd


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Tags: Andromeda, Backdoor, MSDUBMNAX.CMD

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.