Backdoor.Win32.Delf.duc
| Detection added | Mar 04 2008 10:23 GMT |
| Update released | Mar 04 2008 13:35 GMT |
| Description added | Oct 03 2008 |
| Behavior | Backdoor |
| Platform | Win32 |
| Technical details |
This malicious program is a Trojan. It is a Windows PE EXE file. It is 447488 bytes in size.
| Payload |
The backdoor downloads a list of links to files on the Internet from the following URL:
http://218.234.17.***/install_count.html?id=mypark&MAC=.
The value of the MAC parameter is the MAC address of the network adapter.
The backdoor then randomly selects a link from the list, downloads the file that the link points to, and saves it to one of the following folders:
C:\Windows\addins\
C:\Windows\AppPatch\
C:\Windows\Config\
C:\Program Files\Internet Explorer\SIGNUP\
C:\Program Files\Common Files\System\
C:\Program Files\Internet Explorer\Connection Wizard\
C:\Program Files\Internet Explorer\Custom\
C:\Program Files\Internet Explorer\MUI\
C:\Program Files\Internet Explorer\PLUGINS\
c:\windows\
c:\temp
c:\windows\system32\
c:\Program Files\
c:\Program Files\Common Files\
C:\Program Files\Common Files\Microsoft Shared\
C:\Program Files\Common Files\Microsoft Shared\Windows Live\
C:\Program Files\Common Files\Microsoft Shared\MSInfo\
C:\Program Files\Common Files\Services\
The file is saved as "mypark.exe" and is then launched for execution.
| Removal instructions |
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the malicious program’s process.
- Delete the original backdoor file (the location will depend on how the program originally penetrated the victim machine).
- Delete "mypark.exe" from the following folders:
C:\Windows\addins\
C:\Windows\AppPatch\
C:\Windows\Config\
C:\Program Files\Internet Explorer\SIGNUP\
C:\Program Files\Common Files\System\
C:\Program Files\Internet Explorer\Connection Wizard\
C:\Program Files\Internet Explorer\Custom\
C:\Program Files\Internet Explorer\MUI\
C:\Program Files\Internet Explorer\PLUGINS\
c:\windows\
c:\temp
c:\windows\system32\
c:\Program Files\
c:\Program Files\Common Files\
C:\Program Files\Common Files\Microsoft Shared\
C:\Program Files\Common Files\Microsoft Shared\Windows Live\
C:\Program Files\Common Files\Microsoft Shared\MSInfo\
C:\Program Files\Common Files\Services\
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
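A read-only check for the artifacts named in the removal steps above, added here as an example and not part of the original description: it looks for "mypark.exe" in the listed folders and for a running process of that name, and reports size, creation time and SHA-256 without deleting anything. The paths are hardcoded as they appear on the page; the variable and output property names are assumptions of this example.

```powershell
# Read-only triage: folder list and file name come from the page; nothing is deleted.
$folders = @(
    'C:\Windows\addins', 'C:\Windows\AppPatch', 'C:\Windows\Config',
    'C:\Program Files\Internet Explorer\SIGNUP',
    'C:\Program Files\Common Files\System',
    'C:\Program Files\Internet Explorer\Connection Wizard',
    'C:\Program Files\Internet Explorer\Custom',
    'C:\Program Files\Internet Explorer\MUI',
    'C:\Program Files\Internet Explorer\PLUGINS',
    'C:\Windows', 'C:\temp', 'C:\Windows\system32',
    'C:\Program Files', 'C:\Program Files\Common Files',
    'C:\Program Files\Common Files\Microsoft Shared',
    'C:\Program Files\Common Files\Microsoft Shared\Windows Live',
    'C:\Program Files\Common Files\Microsoft Shared\MSInfo',
    'C:\Program Files\Common Files\Services'
)
$name = 'mypark.exe'

# Dropped copies on disk. File.Exists and -Force also see hidden/system files.
$files = foreach ($dir in $folders) {
    $path = Join-Path $dir $name
    if ([System.IO.File]::Exists($path)) {
        $item = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Path       = $item.FullName
            Bytes      = $item.Length
            CreatedUtc = $item.CreationTimeUtc
            SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# Running instances, with the parent PID as a lead to the original backdoor
# process (whose file name the page does not give).
$procs = Get-CimInstance Win32_Process -Filter "Name = '$name'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CreationDate

if ($files) { $files | Format-List } else { "No $name in the listed folders." }
if ($procs) { $procs | Format-List } else { "No running $name process." }
```

On 64-bit Windows, writes by a 32-bit process to C:\Windows\system32 are redirected to C:\Windows\SysWOW64, which is not in the page's list and is not checked here.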