Backdoor: Backdoor.Win32.Small.cef
Risk level: Medium
Virus description
The sample is a backdoor developed with MFC. It is packed with "UPolyX" in an attempt to evade signature scanning; after packing, its size is 31,894 bytes, the icon is "", and the file extension is "exe". It spreads mainly through file bundling, download tools, and web pages with embedded Trojans. Its primary purpose is to control the user's computer.
After the user's computer is infected, symptoms include a slow network, opened network ports, leakage of file data, and so on.
Affected operating systems
Windows 2000 / Windows XP / Windows 2003 / Windows Vista / Windows 7
Transmission
File bundling, web pages with embedded Trojans, download tools
Manual removal:
1. Manually stop the service entry named "panp".
2. Manually delete the following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\panp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\panp
3. Manually delete the following program file:
%SystemRoot%\system32\panp.exe
Variable declaration:
%SystemDrive%: the partition where the system is installed, usually "C:\"
%SystemRoot%: the Windows directory, usually "C:\Windows"
%Documents and Settings%: the user file directory, usually "C:\Documents and Settings"
%Temp%: the temporary folder, usually "C:\Documents and Settings\current user name\Local Settings\Temp"
%ProgramFiles%: the default program installation directory, typically "C:\Program Files"
Virus behavior
(1) The virus opens its related registry key to check whether the system has already been infected.
(2) It obtains the system path and its own path, then copies itself to %SystemRoot%\system32\panp.exe. When the copy completes, it sets the file's attributes to system and hidden.
(3) It registers %SystemRoot%\system32\panp.exe as a service named "panp" and writes the related registry values:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\panp
Name: ImagePath
Value: C:\WINDOWS\system32\panp.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\panp
Name: ImagePath
Value: C:\WINDOWS\system32\panp.exe
(4) After this succeeds, the virus deletes itself.
(5) %SystemRoot%\system32\panp.exe connects to the network address specified by the attacker and waits for the attacker to take control of the computer.
Files created by the virus:
%SystemRoot%\system32\panp.exe
Network addresses accessed by the virus:
98.126.***.154:1693
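The manual removal steps and the artifacts listed above can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original write-up; the -Remove switch and the variable names are illustrative, and by default it only reports what it finds.

```powershell
# Added example: audit (default) or remove (-Remove) the "panp" artifacts listed on this page.
# Parameter and variable names are illustrative, not taken from the original analysis.
param([switch]$Remove)

$svcName = 'panp'
$exePath = Join-Path $env:SystemRoot 'system32\panp.exe'
$svcKeys = 'HKLM:\SYSTEM\CurrentControlSet\Services\panp',
           'HKLM:\SYSTEM\ControlSet001\Services\panp'
$found = @()

# Step 1: the service entry named "panp"
$svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
if ($svc) {
    $found += "service '$svcName' (status: $($svc.Status))"
    if ($Remove -and $svc.Status -ne 'Stopped') {
        Stop-Service -Name $svcName -Force -ErrorAction SilentlyContinue
    }
}

# Step 2: the service registry keys; ImagePath is reported for comparison with the analysis
foreach ($key in $svcKeys) {
    if (Test-Path $key) {
        $img = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
        $found += "registry key $key (ImagePath: $img)"
        # CurrentControlSet often aliases ControlSet001, so the second key may already be gone
        if ($Remove) { Remove-Item -Path $key -Recurse -Force }
    }
}

# Step 3: the dropped file; -Force is required because it is marked system and hidden
$file = Get-Item -LiteralPath $exePath -Force -ErrorAction SilentlyContinue
if ($file) {
    $found += "file $exePath ($($file.Length) bytes, attributes: $($file.Attributes))"
    if ($Remove) { Remove-Item -LiteralPath $exePath -Force }
}

if ($found.Count -eq 0) {
    Write-Output 'No panp artifacts found.'
} else {
    $found | ForEach-Object { Write-Output "FOUND: $_" }
    if ($Remove) { Write-Output 'Removal attempted; run again without -Remove to confirm.' }
}
```

The reported file length can be compared with the 31,894-byte packed size given in the description.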