Friday, October 10, 2008

InCommand Trojan

Removing InCommand
Categories: Trojan,Spyware,Backdoor,RAT,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.
Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information, such as Internet surfing habit, sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, accessing websites blindly that will cause more harmful viruses, or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.
Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer. Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of in one package.


Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Many times a file called the server must be opened on the victim's computer before the trojan can have access to it.

These are generally sent through email, P2P file sharing software, and in internet downloads. They are usually disguised as a legitimate program or file. Many server files will display a fake error message when opened, to make it seem like it didn't open. Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, and swap mouse buttons. However, they can be quite hard to remove.
These utilities are designed to penetrate remote computers in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

InCommand Also known as:

[Kaspersky]Backdoor.InCommander.10,Backdoor.InCommander.10.b,Backdoor.Win32.InCommander.10,Backdoor.Win32.InCommander.10.b,Backdoor.InCommander.11,Backdoor.Win32.InCommander.11,Backdoor.InCommander.12,Backdoor.Win32.InCommander.12,Backdoor.InCommander.13,Backdoor.Win32.InCommander.13,Backdoor.InCommander.14,Backdoor.Win32.InCommander.14,Backdoor.InCommander.15,Backdoor.InCommander.15.a,Backdoor.InCommander.153,Backdoor.InCommander.16.b,Backdoor.Win32.InCommander.16.b,Backdoor.InCommander.16.e,Backdoor.InCommander.plugin.RegEdit.a,Backdoor.InCommander.plugin.RegEdit.b,Backdoor.InCommander.16.f;
[Eset]Win32/InCommander.13.Server trojan,Win32/InCommander.1_7.D trojan,Win32/InCommander.Plugin.RegistryEditor trojan;
[McAfee]BackDoor-DB,BackDoor-DB.svr.gen,Generic;
[F-Prot]security risk or a "backdoor" program,W32/Backdoor.Incommand;
[Panda]Bck/InCommander.10,Bck/Incommander.Clt,Bck/Incommander.Srv,Bck/Incommander.11.I,Bck/Incommander.11.II,Bck/Incommander.12,Bck/InCommander.1.3,Bck/Incommander.13,Bck/InCommander.1.4,Bck/Incommander.14,Bck/InCommander.1.5,Bck/Incommander.15,Backdoor Program,Bck/Incommander.153,Bck/Incommander.16b,Bck/Incommand.RegEd,Bck/Incommand.Comp;
[Computer Associates]Backdoor/BackConstructor_Server_,Win32.InCommand.10,Backdoor/InCommander.11,Backdoor/InCommander.11.a,Win32.InCommand.11,Backdoor/InCommander.12,Backdoor/Incommand.13!Server,Win32.InCommand.13,Backdoor/InCommand_Server_family,Backdoor/InCommander.14,Win32.InCommand.14,Backdoor/BladeRunner.15!Server,Backdoor/Incommander.15,Win32.InCommand.15,Backdoor/InCommand.153,Win32.InCommand.153,Backdoor/InCommand_1.6_EditServe,Win32.InCommand.16.B,Backdoor/InCommander!Plugin.RegE

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\info32.exe
[%WINDOWS%]\msie50h.exe
[%WINDOWS%]\olemon32.exe
[%WINDOWS%]\rsapi.exe
[%WINDOWS%]\info32.exe
[%WINDOWS%]\msie50h.exe
[%WINDOWS%]\olemon32.exe
[%WINDOWS%]\rsapi.exe

How to detect InCommand:

Files:
[%WINDOWS%]\info32.exe
[%WINDOWS%]\msie50h.exe
[%WINDOWS%]\olemon32.exe
[%WINDOWS%]\rsapi.exe
[%WINDOWS%]\info32.exe
[%WINDOWS%]\msie50h.exe
[%WINDOWS%]\olemon32.exe
[%WINDOWS%]\rsapi.exe

Removing InCommand:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Badmin Trojan Symptoms
Bitch.Controller Trojan Information
Excel.Yohimbe Trojan Symptoms
Balloon.Pop.Word.Game Trojan Removal instruction
Small.ct Backdoor Cleaner

No comments: