Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
|
Minimum DAT
4412 (2004-12-08) Updated DAT5997 (2010-05-29) |
Minimum Engine
5.1.00 File Lengthvaries |
Description Added
2004-12-08 Description Modified2005-01-24 |
Malware Proliferation
Characteristics
For further details regarding the files dropped by this detection, please refer to the VIL descritions for BackDoor-BAC .
Upon execution, the following files are dropped onto the local computer:
- cm.dll (32,736 bytes - detected as BackDoor-BAC.dll)
- draw32.dll (32,736 bytes - detected as BackDoor-BAC.dll)
- fltr.a3d (4 bytes)
- hm.sys (16,064 bytes - detected as BackDoor-BAC.gen)
- klogini.dll (0 bytes)
- p2.ini (320 bytes)
- redir.a3d (0 bytes)
- vdnt32.sys (16,064 bytes - detected as BackDoor-BAC.gen)
Note: The files were dropped in teh %SysDir% directory. For example, c:\windows\system32
The following TCP listening ports are opened:
- Port: 24484
- Port: 40943
Symptoms
- Existence of registry keys and files listed above
- Open ports listed above
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.
Removal
All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.
Variants