Thursday, October 23, 2008

Rbot Trojan

Removing Rbot
Categories: Trojan,Worm,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Rbot Also known as:

[Eset]IRC/SdBot.BXW trojan;
[Computer Associates]Win32.Rbot.Y,Win32/SpyBot.Worm

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\csrs.exe
[%SYSTEM%]\cssrss.exe
[%SYSTEM%]\firewall.exe
[%SYSTEM%]\spoolvs.exe
[%WINDOWS%]\iexplore.exe
[%WINDOWS%]\scvhost.exe
[%SYSTEM%]\csrs.exe
[%SYSTEM%]\cssrss.exe
[%SYSTEM%]\firewall.exe
[%SYSTEM%]\spoolvs.exe
[%WINDOWS%]\iexplore.exe
[%WINDOWS%]\scvhost.exe

How to detect Rbot:

Files:
[%SYSTEM%]\csrs.exe
[%SYSTEM%]\cssrss.exe
[%SYSTEM%]\firewall.exe
[%SYSTEM%]\spoolvs.exe
[%WINDOWS%]\iexplore.exe
[%WINDOWS%]\scvhost.exe
[%SYSTEM%]\csrs.exe
[%SYSTEM%]\cssrss.exe
[%SYSTEM%]\firewall.exe
[%SYSTEM%]\spoolvs.exe
[%WINDOWS%]\iexplore.exe
[%WINDOWS%]\scvhost.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing Rbot:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove Zlob.Fam.MPVideoCodec Trojan
Fenster Trojan Removal instruction
Bitch.Controller Trojan Removal instruction
Druvil Trojan Symptoms
Spy.Win32.Banker.mt Trojan Symptoms

Basic.Hell Trojan

Removing Basic.Hell
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Basic.Hell Also known as:

[Kaspersky]Backdoor.BasicHell.10;
[Eset]Win32/BasicHell.10 trojan;
[McAfee]BackDoor-AMO.gen;
[F-Prot]security risk or a "backdoor" program;
[Computer Associates]Backdoor/BasicHell.1.0

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\bhs.exe
[%WINDOWS%]\temp\tle13735314.exe
[%WINDOWS%]\system\bhs.exe
[%WINDOWS%]\temp\tle13735314.exe

How to detect Basic.Hell:

Files:
[%WINDOWS%]\system\bhs.exe
[%WINDOWS%]\temp\tle13735314.exe
[%WINDOWS%]\system\bhs.exe
[%WINDOWS%]\temp\tle13735314.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Basic.Hell:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Shorty.Gopher Adware Symptoms
Pest Trap Ransomware Cleaner
Klemfor Trojan Information
NetSpy.KeyLogger Spyware Symptoms
StartPage.zy Hijacker Cleaner