Backdoor.Win32.Kbot.al

tag:Backdoors  

This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 12787 bytes in size.

Installation

Once launched, the backdoor copies its executable file to the Windows system directory:

%System%\mssrv32.exe

The backdoor then creates a service called "Microsoft security update service" which will automatically launch the backdoor's executable file each time the system is rebooted. The following registry key will be created:

[HKLM\SYSTEM\CurrentControlSet\Services\msupdate]

Payload

When launched, the backdoor injects its code into the "svchost.exe" process. This leads to the backdoor registering itself on the remote malicious user's site by opening the following URL:

http://84.252.***.***/_rus/stat.php

The backdoor then gets the address of a host from the Internet, and carries out DDoS attacks on this host. The types of attack are listed below:

  1. SYN Flood
  2. ICMP Flood
  3. UDP Flood

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the malicious program
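The following PowerShell check is an added example, not part of the encyclopedia entry: it looks for the three persistence artifacts the entry names (the dropped file under the system directory, the msupdate service key, and the service display name) and reports what it finds. The function name, the output fields and the size comparison are this example's own design; the file name, key path, display name and byte size come from the entry.

```powershell
# Added example: check a Windows host for the Kbot.al persistence artifacts
# described in the entry. Run as an administrator so the service key is readable.
function Test-KbotPersistence {
    [CmdletBinding()]
    param()

    $findings = @()

    # 1. Dropped copy in the Windows system directory: %System%\mssrv32.exe
    $systemDir = [Environment]::GetFolderPath('System')
    $dropPath  = Join-Path $systemDir 'mssrv32.exe'
    if (Test-Path -LiteralPath $dropPath) {
        $item = Get-Item -LiteralPath $dropPath
        $findings += [pscustomobject]@{
            Indicator = 'File'
            Location  = $dropPath
            Detail    = "Size $($item.Length) bytes (entry reports 12787)"
        }
    }

    # 2. Service registry key HKLM\SYSTEM\CurrentControlSet\Services\msupdate
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\msupdate'
    if (Test-Path -LiteralPath $svcKey) {
        $props = Get-ItemProperty -LiteralPath $svcKey
        $findings += [pscustomobject]@{
            Indicator = 'Registry'
            Location  = $svcKey
            Detail    = "DisplayName='$($props.DisplayName)' ImagePath='$($props.ImagePath)'"
        }
    }

    # 3. A service registered under the display name the entry gives
    $svc = Get-Service -DisplayName 'Microsoft security update service' -ErrorAction SilentlyContinue
    if ($svc) {
        $findings += [pscustomobject]@{
            Indicator = 'Service'
            Location  = $svc.Name
            Detail    = "Status=$($svc.Status) StartType=$($svc.StartType)"
        }
    }

    return $findings
}

$result = @(Test-KbotPersistence)
if ($result.Count -eq 0) {
    'No Kbot.al persistence artifacts found.'
} else {
    $result | Format-Table -AutoSize
}
```

A hit on the registry key or service name alone is worth investigating even if the file is absent, since the service entry survives deletion of the executable.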

©Virus-Encyclopedia.com All Rights Reserved.