Generic BackDoor!csb removal

Click to run a FREE scan for Generic BackDoor!csb now!

General information of Generic BackDoor!csb
Name:	Generic BackDoor!csb (Free Scan)
Affected OS:	Windows NT/2000/XP/Vista
Category:	Backdoor
Risk level :

Free Spyware Scan

Online computers are easy to be infected by various spyware

Fast spyware scanning and removal
100% real-time protection
Antivirus/malware protection

Description

"Generic BackDoor!csb" is a backdoor that allows unauthorized access and control of a compromised computer to the remote attacker.

Upon execution, the Trojan creates browser instances and connects to the following remote ip addresses and performs backdoor activity.

68.178.[removed] through remote port 80
86.128.[removed] through remote port 82

After execution the Trojan copies itself into the following location.

%WinDir%\system32\install\server.exe [Detected as Generic BackDoor!csb]

The following files have been dropped

%AppData%\Microsoft\Crypto\RSA\S-1- [Varies]\f9992b1ed3cdc054077ba50d8115ad69_e8d86675-b8d2-4ee6-876c-55cb6f7c0018 [Data file]
%AppData%\SQLite3.dll [Data file]
%Userprofile%\Cookies\[User Name]@server[1].txt [Data file]
%Temp%\29514437.tmp [Data file]
%Temp%\UuU.uUu [Data file]
%Temp%\XxX.xXx [Data file]
%Userprofile%\Local Settings\Temporary Internet Files\Content.IE5\JRPRBYW8\sqlite3[1].dll [Data file]

The following registry keys have been added

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3846A813-G1PX-GP34-W10Y-73675R5K48GI}
HKEY_USERS\S-1-[Varies]\Software\vima

The following registry Values have been added

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3846A813-G1PX-GP34-W10Y-73675R5K48GI}\]
StubPath = "%WinDir%\system32\install\server.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\]
Policies = "%WinDir%\system32\install\server.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
HKLM = "%WinDir%\system32\install\server.exe"
[HKEY_USERS\S-1-[Varies]\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\]
Policies = "%WinDir%\system32\install\server.exe"
[HKEY_USERS\S-1-[Varies]\Software\Microsoft\Windows\CurrentVersion\Run\]
HKCU = "%WinDir%\system32\install\server.exe"

The above registry entries confirm that, the Trojan "server.exe" executes every time when windows reboots.

[HKEY_USERS\S-1-[Varies]\Software\vima\]
FirstExecution: "Date and Time of execution"
[HKEY_USERS\S-1-[Varies]\Software\vima\]
NewIdentification = "vima"

The following folder has been added

%WinDir%\system32\install

[Note : %WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000) %SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%Userprofile% - C:\Documents and Settings\[UserName]
%Temp% - C:\Documents and Settings\[UserName]\Local Settings\Temp
%AppData% - C:\Documents and Settings\Avert\Application Data]

Are you afraid to be infected and damaged by Generic BackDoor!csb? To realtime prevent and remove Generic BackDoor!csb, we sincerely advise you...

ACA Utilities™ all new software that will come out in the following months!

Related Search

.DLL Files:A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

.EXE Files:A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z