Systweak Spyware Library
Systweak Spyware Library text
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Trojan-Backdoor.remotedesk Analysis Report
Threat Submitted On: 8/7/2008 8:04:23 PM
Threat Analysed On: 8/8/2008 1:04:23 AM
Threat Updated On: 1/28/2011 12:07:00 AM
Type : Trojan-Backdoor
Symptoms of remotedesk
  • Performs malicious activities.
  • Fetches the user’s sensitive information.
  • Enables the attacker to control the system remotely.
Alias : backdoor.win32.remotedesk.a
Md5 Hash : [4766bcb17c29a30323e6ab3e85b7d483]
File Size : (460525 bytes)

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Delete the following Files to remove Infection
File: recyclers.exe
Path : %programfiles%\common files\microsoft shared\msinfo

Md5Hash :4766bcb17c29a30323e6ab3e85b7d483 ( 460525 bytes)
File: _recyclers.exe
Path : %windir%\system32

Md5Hash :4766bcb17c29a30323e6ab3e85b7d483 ( 460525 bytes)
File: [randomname].exe
Path : %workingdir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
1189cbd7b164fe3d747fd2328a60a751 ( 53248 bytes)
3f95868b40b6dc0ed921be94b9fd382e ( 354304 bytes)
4766bcb17c29a30323e6ab3e85b7d483 ( 460525 bytes)
Creates the following child process(s) on execution:

%programfiles%\internet explorer\iexplore.exe



Copies the Following Files to Given Location :-

Copies :%workingdir%\[random name].exe

To : %programfiles%\common files\microsoft shared\msinfo\recyclers.exe

Copies :%programfiles%\common files\microsoft shared\msinfo\recyclers.exe

To : %windir%\system32\_recyclers.exe


1. %programfiles% Refers to the program files folder. By default it is 'C:\Program Files'
2. %windir% Refers to the windows root folder. By default it is 'C:\Windows'
3. %workingdir% Refers to the current directory in which user is working.

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.

Microsoft Gold Certified Partner

© Systweak Inc., 1999-2011 All rights reserved.