Thursday, November 20, 2008

UltraVNC RAT

Removing UltraVNC
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
that allow an individual to control the victim's computer.
Often a file called the server must be opened on the victim's computer before
the trojan can gain access to it.

These server files are generally sent through email, P2P file-sharing software,
and internet downloads. They are usually disguised as a legitimate program or file.
Many server files display a fake error message when opened, to make it seem as though nothing opened.
Some also kill antivirus and firewall software.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\UltraVNC Server.lnk
[%DESKTOP%]\UltraVNC Viewer.lnk
[%PROGRAMS%]\ultravnc\doc\documentation.lnk
[%PROGRAMS%]\ultravnc\doc\licence.lnk
[%PROGRAMS%]\ultravnc\doc\readme.lnk
[%PROGRAMS%]\ultravnc\doc\whatsnew.lnk
[%PROGRAMS%]\ultravnc\ultravnc repeater\install repeater service.lnk
[%PROGRAMS%]\ultravnc\ultravnc repeater\remove repeater service.lnk
[%PROGRAMS%]\ultravnc\ultravnc repeater\run.lnk
[%PROGRAMS%]\ultravnc\ultravnc server.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\install default registry settings.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\install winvnc service silent.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\install winvnc service.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\reinstall winvnc service (silent).lnk
[%PROGRAMS%]\ultravnc\ultravnc server\remove winvnc service.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\run service helper.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\show about box.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\show default settings.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\show user settings.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\show winvnc server help.lnk
[%PROGRAMS%]\ultravnc\ultravnc viewer.lnk
[%PROGRAMS%]\ultravnc\ultravnc viewer\run ultravnc viewer (listen mode).lnk
[%PROGRAMS%]\ultravnc\ultravnc viewer\show ultravnc viewer help.lnk
[%SYSTEM%]\drivers\vnccom.SYS
[%SYSTEM%]\drivers\vncdrv.sys
[%SYSTEM%]\vncdrv.dll
[%SYSTEM%]\vnchelp.dll

How to detect UltraVNC:

Files:
[%DESKTOP%]\UltraVNC Server.lnk
[%DESKTOP%]\UltraVNC Viewer.lnk
[%PROGRAMS%]\ultravnc\doc\documentation.lnk
[%PROGRAMS%]\ultravnc\doc\licence.lnk
[%PROGRAMS%]\ultravnc\doc\readme.lnk
[%PROGRAMS%]\ultravnc\doc\whatsnew.lnk
[%PROGRAMS%]\ultravnc\ultravnc repeater\install repeater service.lnk
[%PROGRAMS%]\ultravnc\ultravnc repeater\remove repeater service.lnk
[%PROGRAMS%]\ultravnc\ultravnc repeater\run.lnk
[%PROGRAMS%]\ultravnc\ultravnc server.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\install default registry settings.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\install winvnc service silent.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\install winvnc service.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\reinstall winvnc service (silent).lnk
[%PROGRAMS%]\ultravnc\ultravnc server\remove winvnc service.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\run service helper.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\show about box.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\show default settings.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\show user settings.lnk
[%PROGRAMS%]\ultravnc\ultravnc server\show winvnc server help.lnk
[%PROGRAMS%]\ultravnc\ultravnc viewer.lnk
[%PROGRAMS%]\ultravnc\ultravnc viewer\run ultravnc viewer (listen mode).lnk
[%PROGRAMS%]\ultravnc\ultravnc viewer\show ultravnc viewer help.lnk
[%SYSTEM%]\drivers\vnccom.SYS
[%SYSTEM%]\drivers\vncdrv.sys
[%SYSTEM%]\vncdrv.dll
[%SYSTEM%]\vnchelp.dll

Folders:
[%COMMON_PROGRAMS%]\UltraVNC
[%PROGRAM_FILES%]\ultravnc

Registry Keys:
HKEY_CURRENT_USER\software\orl\vncviewer
HKEY_CURRENT_USER\software\orl\winvnc3
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{a8ad990e-355a-4413-8647-a9b168978423}_is1
HKEY_LOCAL_MACHINE\software\ultravnc
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_vnccom
HKEY_LOCAL_MACHINE\system\currentcontrolset\hardware profiles\current\system\currentcontrolset\services\vncdrv
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\system\vncdrv
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vnccom
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vncdrv

Registry Values:
HKEY_LOCAL_MACHINE\hardware\devicemap\video
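
An added example (not from the original post) that checks a host for a subset of the artifacts listed above, in PowerShell. The mapping of the page's `[%...%]` placeholders to Windows special folders is an assumption, and a hit only shows that UltraVNC components are present, not how they were installed.

```powershell
# Added example: look for UltraVNC artifacts named on this page.
# ASSUMPTION: the page's placeholders correspond to these special folders.
$folderMap = @{
    '[%DESKTOP%]'         = [Environment]::GetFolderPath('Desktop')
    '[%PROGRAMS%]'        = [Environment]::GetFolderPath('Programs')
    '[%COMMON_PROGRAMS%]' = [Environment]::GetFolderPath('CommonPrograms')
    '[%PROGRAM_FILES%]'   = [Environment]::GetFolderPath('ProgramFiles')
    '[%SYSTEM%]'          = [Environment]::GetFolderPath('System')
}

# Subset of the page's indicators: drivers, helper DLLs, folders, registry keys.
$indicators = @(
    '[%SYSTEM%]\drivers\vnccom.SYS'
    '[%SYSTEM%]\drivers\vncdrv.sys'
    '[%SYSTEM%]\vncdrv.dll'
    '[%SYSTEM%]\vnchelp.dll'
    '[%DESKTOP%]\UltraVNC Server.lnk'
    '[%COMMON_PROGRAMS%]\UltraVNC'
    '[%PROGRAM_FILES%]\ultravnc'
    'HKEY_LOCAL_MACHINE\software\ultravnc'
    'HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vnccom'
    'HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vncdrv'
    'HKEY_CURRENT_USER\software\orl\winvnc3'
)

function Resolve-Indicator([string]$Indicator) {
    # File and folder indicators: swap the placeholder for the real folder.
    foreach ($k in $folderMap.Keys) {
        if ($Indicator.StartsWith($k)) {
            return $Indicator.Replace($k, $folderMap[$k])
        }
    }
    # Registry indicators: rewrite the hive name as a PowerShell registry drive.
    return $Indicator -replace '^HKEY_LOCAL_MACHINE\\', 'HKLM:\' `
                      -replace '^HKEY_CURRENT_USER\\', 'HKCU:\'
}

# -LiteralPath keeps characters such as [ ] in a path from acting as wildcards.
$hits = foreach ($i in $indicators) {
    $path = Resolve-Indicator $i
    if (Test-Path -LiteralPath $path) {
        [pscustomobject]@{ Indicator = $i; Resolved = $path }
    }
}

if ($hits) { $hits | Format-Table -AutoSize -Wrap }
else       { 'No listed UltraVNC artifacts found.' }
```

Run it from a 64-bit PowerShell session so that `[%SYSTEM%]` is not redirected to SysWOW64; the HKEY_CURRENT_USER check covers only the account running the script.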

Removing UltraVNC:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.