Run in the infected system, the Trojan drops a copy BackDoor.Finder in% APPDATA% folder of the current user, and makes the appropriate changes to the branch of the registry Windows, responsible for the startup applications. Then this malware is embedded into all running processes. If the Trojan to penetrate a browser process to Microsoft Internet Explorer, Mozilla Firefox, Maxtron, Chrome, Safari, Mozilla, Opera, Netscape and Avant, it intercepts function WSPSend, WSPRecv and WSPCloseSocket, reports news.drweb.com.
Then BackDoor.Finder generates up to 20 domain names management servers and consistently refers to them, transferring encrypted request. When the user tries to apply an infected machine to search on google.com, bing.com, yahoo.com, ask.com, search.aol.com, search.icq.com, search.xxx, www.wiki.com, www.alexa.com or yandex.com entered the request is passed to the management server, and in response, the Trojan gets the configuration file with a list of URLs, which will be forwarded to the browser. As a result, instead of a Web search results page the user sees in the browser these malicious Internet resources.
As specialists of Dr. Web was able to determine the current name generation algorithm BackDoor.Finder command centers, there were multiple management servers to gather statistics. It was found that the most common, this Trojan is in the U.S., and the absolute leader in the number of infections serves Kansas, the second place is New Jersey, the third - Ohio and Alabama. Least BackDoor.Finder Trojan infections account for Utah and Michigan.
VIPRE Antivirus 2013 - a quick and easy anti-virus, anti-spyware and anti-rootkit with Windows 8 support.