
Backdoor.Agent.AADK

LOW
MEDIUM
~90KB
(Backdoor.Win32.Agent.adne (KAV32), Backdoor:Win32/Venik.C (OneCare))

Symptoms

Unexpected network activity and the presence of the files described below.

Removal instructions:

Please let BitDefender disinfect your files.
Manual: run services.msc (Start -> Run) and find the service whose name and description match those given in the Technical Description below. Open its Properties dialog, set Startup type to Disabled and press Stop, then delete the related files (the dropped DLL in C:\Windows\System32\ and C:\1.exe if present) and replace the overwritten beep.sys with the original from the Windows installation CD. If the service refuses to stop (its own description claims it cannot be stopped), leave it Disabled, reboot, and delete the files afterwards.

Analyzed By

Ovidiu Visoiu, virus researcher

Technical Description:

When executed, the malware drops a driver that overwrites and loads beep.sys (a non-critical Windows driver) in the C:\Windows\system32\drivers folder. The new driver is detected as Trojan.Rootkit.GGR.

A second component, a DLL, is dropped in C:\Windows\System32\ and loaded as a service named MS Media Control Center with the description "Provides support for media player. This service can't be stoped." (sic). The DLL name is T*m*t*D.dll (where each "*" is a random ASCII character); it is detected as Backdoor.PCClient.TEO.

Once the service is loaded, it tries to connect over TCP to awen667788.3322.org on port 1122, sending TCP SYN packets, and waits for remote commands and for a new malware file, which will most probably be saved as C:\1.exe (the file was unavailable at the time of this description).
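The indicators above (overwritten driver path, service name and description, DLL name pattern, C2 host and port, dropped file) collected into a small triage check. This is an added example, not Bitdefender's own tooling; it runs over constructed sample inputs (a System32 directory listing, a service table, netstat-style output and a path list) that are not real captures, and the regex for the DLL name is an assumed reading of T*m*t*D.dll as exactly one arbitrary character per asterisk.

```python
"""IOC checks for Backdoor.Agent.AADK over constructed sample data.

Added example, not Bitdefender's tooling. The indicators come from the
description above; the SAMPLE_* listings are constructed for the demo.
"""
import re
from typing import Iterable

# Indicators from the description
SERVICE_NAME = "MS Media Control Center"
SERVICE_DESC = "Provides support for media player. This service can't be stoped."  # sic
C2_HOST = "awen667788.3322.org"
C2_PORT = 1122
DROPPED_EXE = r"c:\1.exe"
DRIVER_PATH = r"c:\windows\system32\drivers\beep.sys"
# Assumption: T*m*t*D.dll means one arbitrary character per "*".
DLL_NAME_RE = re.compile(r"^T.m.t.D\.dll$", re.IGNORECASE)
# "netstat -a" style line: proto, local endpoint, remote endpoint, state
NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)", re.IGNORECASE)


def match_dll_names(filenames: Iterable[str]) -> list[str]:
    """Return names from a System32 listing that fit the T*m*t*D.dll pattern."""
    return [f for f in filenames if DLL_NAME_RE.match(f)]


def match_services(services: Iterable[tuple[str, str]]) -> list[str]:
    """Return service names whose name or description equals the backdoor's."""
    return [name for name, desc in services if name == SERVICE_NAME or desc == SERVICE_DESC]


def match_connections(netstat_lines: Iterable[str]) -> list[tuple[str, int, str]]:
    """Return (remote_host, remote_port, state) for connections toward the C2.

    netstat usually prints an IP rather than the 3322.org name, and that name is
    dynamic DNS, so no address is hard-coded here: the hostname is matched when
    present (netstat run without -n) and port 1122 alone counts as a weaker hit.
    """
    hits = []
    for line in netstat_lines:
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        remote_host, remote_port, state = m.group(3), int(m.group(4)), m.group(5)
        if remote_host.lower() == C2_HOST or remote_port == C2_PORT:
            hits.append((remote_host, remote_port, state))
    return hits


def match_paths(paths: Iterable[str]) -> list[str]:
    """Return paths equal to the dropped exe or the overwritten driver.

    beep.sys exists on a clean system too, so a hit only means the file should
    be compared (hash, size, signature) against the original from install media.
    """
    wanted = {DROPPED_EXE, DRIVER_PATH}
    return [p for p in paths if p.lower() in wanted]


def triage(system32_files, services, netstat_lines, paths) -> dict:
    """Run every check and return the hits per indicator class."""
    return {
        "dll": match_dll_names(system32_files),
        "services": match_services(services),
        "connections": match_connections(netstat_lines),
        "paths": match_paths(paths),
    }


# Constructed sample data (not real captures)
SAMPLE_FILES = ["kernel32.dll", "TxmYtqD.dll", "TmtD.dll", "user32.dll"]
SAMPLE_SERVICES = [
    ("Spooler", "Loads files to memory for later printing."),
    ("MS Media Control Center", "Provides support for media player. This service can't be stoped."),
]
SAMPLE_NETSTAT = [
    "  TCP    10.0.0.5:1034    awen667788.3322.org:1122    SYN_SENT",
    "  TCP    10.0.0.5:1035    203.0.113.9:80              ESTABLISHED",
]
SAMPLE_PATHS = [r"C:\1.exe", r"C:\Windows\System32\drivers\beep.sys", r"C:\Windows\notepad.exe"]

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_FILES, SAMPLE_SERVICES, SAMPLE_NETSTAT, SAMPLE_PATHS).items():
        print(kind, hits)
```

On a live host the four inputs would come from a directory listing of System32, the service list (services.msc or sc query), netstat -a run without -n so the hostname can appear, and a file-existence check; the SYN_SENT state in the sample mirrors the repeated connection attempts the description mentions.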