Home Education E-BooksTravel Troubleshooting Linux Contact Us About Us
Troubleshooting Tips And Steps
Windows & Hardware Tips
Information On Viruses
Miscellaneous

virus file

VIRUS NAME : BackDoor-ADM

VIRUS NAME : BackDoor-ADM

Trojan Characteristics

When executed for the first time on the victim machine, this remote access trojan may display a moving image of a running man in the foreground, together with a shrunk window (sometimes) captioned 'Unknown GUY':

Additionally the trojan opens up port 22784 in order to listen for remote commands from hackers running the client component of this backdoor.

The trojan copies itself to the Windows system directory, and to ensure its execution upon subsequent system startup, sets the following Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Syscheck" = C:\WINDOWS\System\Syscheck.exe /s

Obviously the filenames used by the trojan and the name of the Registry key may vary between versions of this backdoor. (The /s switch invokes silent mode, stopping the above graphic being displayed.)

The server component of this trojan contains code to email the hacker (via port 80, utilising a WWPMsg.dll library) details of victim machines (port number, IP address).

Server functions may vary between different versions of this trojan, but include actions typical to many common backdoors:

shutdown machine
open/close CD-ROM tray
read PWL (Windows password) files
file system operations (upload, download, copy, delete, execute etc.)
capture screendump of victim machine
perform taskbar operations
send message
move/disable mouse

The indicated engine/DATs detect and delete this backdoor trojan, and remove the Registry hook it employs, detailed above.

Symptoms

Presence of the server file in the Windows system directory, coupled with the Registry key detailed above. Method Of Infection The server installs itself on the victim machine when executed, copying itself to the Windows system directory and hooking the Registry.

If you are fed up with any virus and not getting solution of it. mail us on amgroup@skillsheaven.com and please provide all the detail about virus.