Backdoor.Agent.b
Description Backdoor.Agent.b
Agent.b is a classic Trojan backdoor that opens the infected machine to remote access. This backdoor is a Windows PE exe file written in Visual C.
Agent.b is packed with two packers: Morphine and UPX. The packed file size is 38 KB and unpacked - 104 KB.
Agent.b is controlled over IRC channels. The controller can download and execute files on the infected machine.
Payload
Agent.b opens a random port in the 1xxx range for about a second, and then continues opening the next port in ascending numerical order. The infected machine sees only ports 'blinking' in ascending order.
Removal
If you know the name of the file containing the Backdoor, you can delete it after you stop the active processes in RAM using the Windows Task Manager. Once you have deleted the process, you can then delete the file.
If you cannot identify the name of the active process, you need to install a firewall, such as Kaspersky Anti-Hacker, which will monitor open ports and provide a log.
Check other viruses! Be aware! Use Antiviral Software
Infector.822
Description Infector.822
It is a harmless nonmemory resident parasitic virus. It searches for .COM files of current directory, and writes itself to the end of the file. During every 3rd infection the virus displays a short message in Russian.
Inferno.781
Description Inferno.781
It is a very dangerous memory resident encrypted parasitic virus. It hooks INT 12h, 21h and writes itself to the end of COM files that are executed. Under debugger the virus overwrites the MBR of the hard drive. The virus contains the text string:
NAME OF THIS VIRUS IS "INFERNO" NEXT VERSION WILL BE BETTERall
|