Backdoor:Win32/Tesyong.A is a trojan that allows unauthorized access and control of an affected computer.
Installation
Backdoor:Win32/Tesyong.A copies itself to %programfiles%\microsoft temsys\hongsy.exe.
The malware changes the following registry entries so that it runs each time you start your PC:
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "HongSy"
With data: "c:\program files\microsoft temsys\hongsy.exe"
The malware creates the following files on your PC:
Payload
Changes system security settings
Backdoor:Win32/Tesyong.A adds itself to the list of applications that can access the Internet without being stopped by your firewall. It does this by making the following registry modification:
Adds value:
"C:\Program Files\Microsoft TemSys\HongSy.exe"With data:
"c:\program files\microsoft temsys\hongsy.exe:*:enabled:hongsy"To subkey:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Allows backdoor access and control
The malware gives a hacker access and control of your PC. They can then perform a number of different actions, including:
- Downloading and running files
- Uploading files
- Spreading malware to other PCs
- Logging your keystrokes or stealing your sensitive data
- Modifying your system settings
- Running or stopping applications
- Deleting files
This malware description was produced and published using automated analysis of file SHA1 754614600df05f23d5ae1568a9b822bdf12054a6.
