Wakeminap is a malicious Trojan horse designed to open a hidden backdoor on the infected computer. It is known to hide under the name of Adobe updater software. Additionally, it drops a clean file with a .doc, .pdf or .ppt extension in the %Temp% or %CurrentFolder% directory and then opens it. Wakeminap modifies the system registry so that it runs every time Windows starts.
After dropping and enabling itself, Wakeminap opens a backdoor connection to several locations and then runs in the background, awaiting commands from the remote cybercriminal. This is the list of domains it tries to connect to:
When the remote hacker logs in through the backdoor, he is able to perform several very dangerous actions, such as ending processes or executing malicious files. Additionally, the backdoor may have the ability to execute shell commands. Here is a list of actions available to the hacker once the victim's computer is compromised:
- List running processes
- End processes
- Download and execute a remote file
- Execute shell commands
Wakeminap manual removal
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Adobe Update" = "[PATH TO DROPPED FILE]"
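One way to inspect the Run value named above before deleting it, as an added PowerShell example that is not part of the original write-up. The -Remove switch is a hypothetical parameter of this script, and treating a missing or invalid Authenticode signature as a warning sign is an assumption, since the page does not describe the dropped file's signing state.

```powershell
# Added example: audit (and optionally remove) the HKCU Run value "Adobe Update".
param(
    [switch]$Remove   # hypothetical switch: delete the Run value after reporting it
)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Adobe Update'   # value name taken from the removal instructions

$entry = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if (-not $entry) {
    Write-Output "No '$valueName' value under $runKey."
    return
}

# Run values may contain environment variables, quotes and arguments.
$command = [Environment]::ExpandEnvironmentVariables($entry.$valueName)
if ($command -match '^\s*"([^"]+)"') {
    $exePath = $Matches[1]            # quoted path, arguments ignored
} elseif ($command -match '^\s*(.+?\.exe)\b') {
    $exePath = $Matches[1]            # unquoted path up to the first ".exe"
} else {
    $exePath = $command.Trim()
}

$report = [ordered]@{
    RunValue   = $valueName
    Command    = $command
    Executable = $exePath
    Exists     = Test-Path -LiteralPath $exePath -PathType Leaf
    Signature  = 'n/a'
    Signer     = 'n/a'
    SHA256     = 'n/a'
}

if ($report.Exists) {
    # Assumption: a binary without a valid signature deserves a closer look.
    $sig = Get-AuthenticodeSignature -LiteralPath $exePath
    $report.Signature = $sig.Status
    if ($sig.SignerCertificate) { $report.Signer = $sig.SignerCertificate.Subject }
    $report.SHA256 = (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash
}
[pscustomobject]$report | Format-List

if ($Remove) {
    Remove-ItemProperty -Path $runKey -Name $valueName
    Write-Output "Removed '$valueName' from $runKey. The referenced file was not deleted."
}
```

Run it once without -Remove to record the path and hash of the referenced file, then again with -Remove to delete only the autostart value.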