Backdoor.Agent - Spyware Detector

Spyware free software spyware removal Anti Spyware software free spyware check adware spyware remover anti virus download

Home/ Spyware Encyclopedia / Backdoor.Agent

Backdoor.Agent Technical Details

Category

Backdoor

Discovered

9/12/2007 12:37:00 PM

Modified

7/17/2008 10:43:00 AM

Threat Level

High

Description

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

Summary

The hosts file was updated with the following url-to-ip mappings: n/a
The following http urls were started:
www.54699.com
192.168.1.1
Generated smtp traffic: n/a
Connection(s) established with remote IRC Server: n/a
The following hidden entries created: n/a
The following internet connection was established:
121.10.108.227:80
192.168.1.54:80

When the Backdoor is executed, it creates the following files:

Name	Version	Publisher	Signature (MD5)	File Size (in Bytes)
..\system\finder.dll	3.1.5.0	microsoft	c59f9df54e8842e19269114e1d9039a1	178688
..\system\sysloader.exe	3.1.5.0	microsoft	3c4fa667180f71e9ece4defb9406fb97
..\system\sysloader.exe	3.1.5.0	Microsoft	3c4fa667180f71e9ece4defb9406fb97	354832
..\temp\882bb0a9.tmp			e4db6a95d0179fec41a23e78a642e33f	108
..\temp\d3a1ba7a.tmp			4ef575f8800d6a4b8c105fad76f07ab3	114
..\brkpddoc.exe			0f55e1e262d564d9d4af47674ee8b79a	37423
..\netservice.exe			8c63819a6c0dd113fbb96c096893d81a	171520
..\startup\3541ce03.exe			6c3f25e2d96e2650f8bdd07b4c5679e8	1980416
..\startup\67dd42ab.exe			0fd578fab2dc5bfb9722252ccae49cf4	1910272
..\startup\northpont.exe	1.0.0.5		e9065995bfc0e4eedbb7559f663e4446	126976
..\0h2qkal2\00035[1].exe			1F8000A682401C615A371AB8956A13CA
..\gc592eos\00006[1].exe			43A8F5E0665AC831B99C051B396CB603
..\gc592eos\00030[1].exe			06998DC65E14D4D9935999F7485E8AB3
..\kv3zhgoj\00002[1].exe			A0BFFC890EE35CB611A39F5EC87568E1
..\kv3zhgoj\00014[1].exe			5B8888FA6BDB8C233DC607737E223832
..\sgvri9dl\00008[1].exe			41C6FC928B1697CA820FF5B54E883997
..\sgvri9dl\00015[1].exe			08DB1402AB3DF55F7E7C41ACD3090F86
..\sgvri9dl\host[1].exe			A33B116E7CA1B756F1046A36826C6FD0
..\cftmon.exe			5223c02d179137fb5d894213bc9f3d68	68226
..\cftmon.exe			c2a572d8d70f1cca20ec7d15349bf4de	72568
..\cftmon.exe			c689f920f94e4648df5338dfffc9e298	85157
..\kav_keygen.exe.exe	6.0.2900.2180	microsoft corporation	5882a560358fbd8180c450b0ab8d81ce	1309184
..\ph_the_game.exe	6.0.2900.2180	microsoft corporation	833ea11d227794014573aaa7cb0ed7da	1328128
..\bforkt\bforkt.exe			d456a645131faa0a6b5c089ebae16ca8	74109
..\common files\clenar2.exe			2c78a0f73f3fa83e48393404a1d4d5ea	18432

When the Backdoor is executed, it creates the following Registry entries:

•	..\software\ctf\mgxdmt
•	..\software\ezmsncli
•	..\software\microsoft\active setup\installed components\{9d2f5ff6-907f-f848-4e2f-b58a522c9041}
•	..\software\microsoft\windows\currentversion\explorer\"internalprogramdata"
•	..\software\microsoft\windows\currentversion\run\"aaggckplqh"
•	..\software\microsoft\windows\currentversion\run\"fftdup"
•	..\software\microsoft\windows\currentversion\run\"svx control service"
•	..\software\microsoft\windows\currentversion\run\"unmlk"
•	..\software\microsoft\windows\currentversion\run\"windowsupdatemanager"
•	..\system\currentcontrolset\services\2b48fe79
•	..\system\currentcontrolset\services\576df16d
•	..\system\currentcontrolset\services\edfscv
•	..\system\currentcontrolset\services\kkdj3sdf3
•	..\software\2bbfd19564
•	..\software\classes\appid\wstart.dll\"appid"
•	..\software\classes\clsid\{00000231-1000-0010-8000-00aa006d2ea4}
•	..\software\classes\clsid\{0a8c4a45-0ab3-4a15-8e22-a7782943dd6e}
•	..\software\classes\clsid\{20ba8678-26cf-44ec-9ddb-d6e5923ac40d}
•	..\software\classes\clsid\{2c1cd3d7-86ac-4068-93bc-a02304bb2225}
•	..\software\classes\clsid\{46a2e664-f8ec-49f2-8590-0b22cb390b46}
•	..\software\classes\clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}\versionindependentprogid
•	..\software\classes\clsid\{a0496108-a6ba-93d6-e9dc-00707b120734}
•	..\software\classes\clsid\{a0496108-a6ba-93d6-e9dc-13519621877d}
•	..\software\classes\clsid\{aa3c6266-eaef-42d6-8b30-c809a222169a}
•	..\software\classes\clsid\{c0f82dbd-276f-4be2-ad17-9f9735b3958d}

Recommendation to remove Backdoor.Agent

Spyware Detector can remove Backdoor.Agent, and thousands of other Spyware definitions, automatically and instantly. Click here to download Spyware Detector and scan for free.

	Personalized e-Mail support by our Research Team. You send an "Export Log" report to us, we then add new definition and you eliminate spyware found on YOUR PC in the next Live Update. So, not only do you benefit but the whole community enjoys the feedback.

	Speed up your computer and increase browsing performance by deleting Spyware & Adware

	Enjoy continuous protection and security with frequent spyware definition updates so you never have to worry about new threats and outdated software.

	Surf the web with confidence knowing your online activities aren't being tracked, and your confidential data is secure from prying eyes.

Search Threats

Testimonials

Information Desk

	Spyware & Adware Categories we scan

	List of Spyware & Adware we remove


	Submit a Threat Submit a threat to be reviewed by our research team Submit a Threat