Virus library

An analysis of the technologies used by cybercriminals allows us to draw conclusions about the virus industry’s possible vectors of development and more effectively confront future threats. You, too, can learn what actions various malicious programs take in infected systems and how to withstand them.

BackDoor.Gyplit in virus library:

A backdoor designed to control infected computers. The file names it uses depend on the version. For example, the first version uses the following file names:

  • %APPDATA%\Microsoft\Windows\Usrdpa.dat
  • %APPDATA%\Symantec\Plugins\NAVPInst.exe
  • %HOMEPATH%\Cookies\windhj.dat

The second version uses the following file names:

  • %APPDATA%\Microsoft\Windows\Usrdpa.dat
  • %APPDATA%\Adobe\Plugins\AcroRd32Info.exe
  • %HOMEPATH%\Cookies\winggf.dat

The third version uses the following file name:

  • \Local Settings\Temp\winbha.dat

Once the iexplore.exe process is launched, the core module is injected into it to ensure communication with the command and control server.

The command and control server address is stored in the encrypted configuration data.

For example, one of the following addresses can be used:

  • itsec.****.net:80
  • itsec.****.net:443
  • bbs.****-*****.us:80
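The file locations listed above for the three versions can be turned into a host or disk-image sweep. The following is an added example, not code from Doctor Web: it matches each listed location as a case-insensitive trailing path under a directory tree, and the names `sweep`, `build_sample_tree` and the sample tree itself are constructed for illustration.

```python
import os
import tempfile

# File locations listed on this page, keyed by the path components that follow
# the environment variable (for version 3, the path as printed on the page).
INDICATORS = {
    ("microsoft", "windows", "usrdpa.dat"): "version 1 or 2",
    ("symantec", "plugins", "navpinst.exe"): "version 1",
    ("cookies", "windhj.dat"): "version 1",
    ("adobe", "plugins", "acrord32info.exe"): "version 2",
    ("cookies", "winggf.dat"): "version 2",
    ("local settings", "temp", "winbha.dat"): "version 3",
}

def sweep(root):
    """Walk root and return sorted (relative_path, version) for every file whose
    trailing path components match an indicator, ignoring case."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = [] if rel_dir == "." else rel_dir.lower().split(os.sep)
        for name in files:
            full = tuple(parts + [name.lower()])
            for tail, version in INDICATORS.items():
                if full[-len(tail):] == tail:
                    hits.append((os.path.join(rel_dir, name), version))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample: empty placeholder files in two made-up user profiles."""
    samples = [
        "Users/alice/AppData/Roaming/Microsoft/Windows/USRDPA.DAT",    # listed, odd case
        "Users/alice/AppData/Roaming/Adobe/Plugins/AcroRd32Info.exe",  # listed (version 2)
        "Users/alice/AppData/Roaming/Adobe/AcroRd32Info.exe",          # same name, other folder
        "Users/bob/Cookies/index.dat",                                 # not listed
    ]
    for rel in samples:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, version in sweep(tmp):
            print(f"{version}: {path}")
```

A hit is a path match only and should be treated as a lead for triage, since the page gives no hashes to confirm the file's identity.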


Dr.Web © Doctor Web
2003 — 2021
