Full
Name: |
Haxdoor.o |
Type: |
Trojan |
Also Known As: |
Backdoor.Haxdoor.o
BackDoor-BAC.dll (Mcafee)
BackDoor.Mutny
Troj/Haxdoor-E
Backdoor:Win32/Haxdoor.O
BDS/Haxdoor.O.2
Win32:Trojan-gen.
BackDoor.Haxdoor.AM ,
Backdoor.Haxdoor.O
Haxdoor.CX
Backdoor.Haxdoor.D (Symantec)
Troj/Haxdoor-AH (SOPHOS)
Backdoor.Haxdoor.I (Symantec) |
Danger Level: |
5 |
Category Description: |
Trojans are malicious applications that pose themselves as legitimate software in order to trick users to install them. Once on the victim's machine, it may run any number of malicious process to steal vital information or inflict damage to other software. |
Comment: |
This is a backdoor remote administration program. It spreads via the Internet using infected messages when commanded to by the author/user of the program. It is packed using FSG.
The program opens port 16661 and waits for client machines to connect. It has a wide range of remote administration commands, the main function being to intercept passwords on the victim machine and send them to the creator/ user of the program. |
|
|
Properties: |
|
Manual Removal: |
1. Boot your computer into safemode.
Please visit the following link for instructions on how to boot into safemode.
http://www.xblock.com/tt/index.php?x=&mod_id=2&id=132
2. Launch X-Cleaner in safemode and run a deepscan.
3. Reboot into safemode when prompted to reboot by X-Cleaner.
4. Launch registry editor from START button, Type in REGEDIT, click OK, and navigate to
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
5. In the right pane, delete the entry EnforceWriteProtection.
6. Launch X-Cleaner and run another deepscan.
7. After scan finishes reboot into normal mode. |