Backdoor.Agent.AADK
LOW
MEDIUM
~90KB
(Backdoor.Win32.Agent.adne (KAV32), Backdoor:Win32/Venik.C (OneCare))
Symptoms
Unexpected network activity and the presence of the files described below.
Removal instructions:
Please let BitDefender disinfect your files.
Manual: Run services.msc (Start -> Run) and find the service with the name and description given in the paragraph above. Open its Properties dialog, set the Startup type to Disabled, then press Stop. Afterwards delete the related files (replace beep.sys with the copy from the Windows installation CD).
Analyzed By
Ovidiu Visoiu, virus researcher
Technical Description:
When executed, the malware drops a driver that overwrites beep.sys (a non-critical Windows driver) in the C:\Windows\system32\drivers folder and loads it. The new driver is detected as Trojan.Rootkit.GGR.
A second component (a DLL) is dropped in C:\Windows\System32\ and is loaded as a service named "MS Media Control Center" with the description "Provides support for media player. This service can't be stoped." The DLL name is T*m*t*D.dll ("*" stands for a random ASCII character); it is detected as Backdoor.PCClient.TEO.
After the service is loaded, it tries to connect over TCP to awen667788.3322.org on port 1122, sending TCP SYN packets, and waits for remote commands and for a new malware file, which most probably will be saved as C:\1.exe (the file was unavailable at the time of this description).
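The indicators in this description (the service name and description, the T*m*t*D.dll file-name pattern, and the awen667788.3322.org:1122 connection) can be checked mechanically against a service export, a System32 directory listing and a connection log. The script below is an added example, not BitDefender's own tooling: the matching logic, the function names and the sample records it scans are constructed here, and only the indicator values themselves come from the description above.

```python
import hashlib
import re

# Indicators as given in the description above.
C2_HOST = "awen667788.3322.org"
C2_PORT = 1122
SERVICE_NAME = "MS Media Control Center"
SERVICE_DESC = "Provides support for media player. This service can't be stoped."
# T*m*t*D.dll, where each "*" is one random ASCII character.
DLL_PATTERN = re.compile(r"^T.m.t.D\.dll$", re.IGNORECASE)


def check_services(services):
    """services: list of dicts with 'name', 'description' and 'path',
    e.g. exported from services.msc or 'sc query'. Matches on either the
    service name or the description, since the description string is as
    distinctive as the name."""
    hits = []
    for svc in services:
        if svc.get("name") == SERVICE_NAME or svc.get("description") == SERVICE_DESC:
            hits.append(("service", svc.get("name", ""), svc.get("path", "")))
    return hits


def check_system32_listing(filenames):
    """filenames: names found in C:\\Windows\\System32\\. The pattern is
    broad by nature (four wildcard characters), so a hit is a lead to be
    confirmed against the service registration, not proof by itself."""
    return [("dll", f) for f in filenames if DLL_PATTERN.match(f)]


def check_connections(connections):
    """connections: (remote_host, remote_port, state) tuples as one would
    take from netstat or a firewall log. SYN_SENT to the C2 host is
    expected while the backdoor is retrying."""
    return [
        ("c2", host, port, state)
        for host, port, state in connections
        if host.lower() == C2_HOST and port == C2_PORT
    ]


def beep_sys_modified(installed_bytes, reference_bytes):
    """The description gives no hash for the replaced beep.sys, so the only
    offline check is against a known-good copy (e.g. from installation
    media): True when the installed driver differs from the reference."""
    return hashlib.sha256(installed_bytes).digest() != hashlib.sha256(reference_bytes).digest()


def scan(services, filenames, connections):
    """Run all indicator checks and return the combined list of findings."""
    return check_services(services) + check_system32_listing(filenames) + check_connections(connections)


# Constructed sample data (hypothetical records, not taken from a real host).
SAMPLE_SERVICES = [
    {"name": "Spooler", "description": "Loads files to memory for later printing.",
     "path": r"C:\Windows\System32\spoolsv.exe"},
    {"name": "MS Media Control Center", "description": SERVICE_DESC,
     "path": r"C:\Windows\System32\T9mQt1D.dll"},
]
SAMPLE_FILES = ["kernel32.dll", "T9mQt1D.dll", "tmtd.dll"]
SAMPLE_CONNECTIONS = [
    ("update.microsoft.com", 443, "ESTABLISHED"),
    ("awen667788.3322.org", 1122, "SYN_SENT"),
]


def demo():
    """Scan the constructed samples; returns three findings."""
    return scan(SAMPLE_SERVICES, SAMPLE_FILES, SAMPLE_CONNECTIONS)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A service hit plus a matching DLL path is the strongest signal here; a lone file-name match should be confirmed through the service list before anything is deleted, and the beep.sys comparison only works with a reference copy taken from trusted installation media, since the page gives no hash for the dropped driver.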