ViRobot

Threats DB

Backdoor.Win32.IRCBot.52736.K

Aliases:
Typical Symptoms: Refers to analyzed data, Security threats
Discovered: [Korea] 2009-05-19, [Foreign] 0000-00-00
Type: Backdoor
Active Field: Win32
Destroy/Distribution:
Origin: others
Encryption: NO
Location: None
Memory residence: NO
Scan engine needed: 2009-05-20 [Able to detect & repair]
Description


[Detailed Information]

1. It creates a file at the following path.
 

   (System Folder)\(Normal File Name)(Random one character of alphabet).exe
   (Backdoor.Win32.IRCBot.52736.K)


2. It adds the following registry entries.

   - HKLM\SYSTEM\CurrentControlSet\Services\(Normal Service Name)(Random Alphabet)


      DisplayName : Same as Normal Service Name
      ErrorControl : 0
      ImagePath : (System Folder)\(Normal File Name)(Random one character of alphabet).exe srv
      ObjectName : LocalSystem
      Start : 0
      Type : 272


   - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

 

a2service.exe

ArcaCheck.exe

arcavir.exe

ashDisp.exe

ashEnhcd.exe

ashServ.exe

ashUpd.exe

aswUpdSv.exe

autoruns.exe

avadmin.exe

avcenter.exe

avcls.exe

avconfig.exe

avconsol.exe

avgnt.exe

avgrssvc.exe

avguard.exe

AvMonitor.exe

avp.com

avp.exe

AVP32.exe

avscan.exe

avz.exe

avz4.exe

avz_se.exe

bdagent.exe

bdinit.exe

caav.exe

caavguiscan.exe

casecuritycenter.exe

CCenter.exe

ccupdate.exe

cfp.exe

cfpupdat.exe

cmdagent.exe

drwadins.exe

DRWEB32.exe

drwebupw.exe

ekrn.exe

FAMEH32.exe

filemon.exe

FPAVServer.exe

fpscan.exe

FPWin.exe

fsav32.exe

fsgk32st.exe

FSMA32.exe

GFRing3.exe

guardgui.exe

guardxservice.exe

guardxup.exe

HijackThis.exe

KASMain.exe

KASTask.exe

KAV32.exe

KAVDX.exe

KAVPF.exe

KAVPFW.exe

KAVStart.exe

KPFW32.exe

KPFW32X.exe

Navapsvc.exe

Navapw32.exe

navigator.exe

NAVNT.exe

NAVSTUB.exe

NAVW32.exe

NAVWNT.exe

niu.exe

nod32.exe

nod32krn.exe

Nvcc.exe

OllyDBG.exe

outpost.exe

preupd.exe

procexp.exe

pskdr.exe

regedit.exe

regmon.exe

RegTool.exe

scan32.exe

SfFnUp.exe

Vba32arkit.exe

vba32ldr.exe

vsserv.exe

Zanda.exe

zapro.exe

Zlh.exe

zonealarm.exe

zoneband.dll

 

 

 [Notation]

- "(System Folder)" varies by system; typically it is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
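
One way to check a host for the registry changes listed above, as an added example that is not ViRobot's own code: it parses the text printed by `reg query <key> /s` and flags service keys whose ImagePath, Type and ObjectName match the values shown, plus Image File Execution Options subkeys named after listed programs. The sample data and the names Spoolerq and spoolsvq.exe are constructed, and treating the listed program names as subkey names is an assumption.

```python
import re

SERVICES = "hkey_local_machine\\system\\currentcontrolset\\services\\"
IFEO = ("hkey_local_machine\\software\\microsoft\\windows nt\\currentversion"
        "\\image file execution options\\")
# ImagePath shape from the write-up: (System Folder)\<name>.exe followed by "srv"
IMAGE_RE = re.compile(r"\\system(32)?\\[^\\]+\.exe srv$", re.I)
WATCHED = {"avp.exe", "procexp.exe", "regedit.exe"}  # three names from the page's list

# Parse `reg query <key> /s` output into {key_path: {value_name: data}}.
def parse_reg_query(text):
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # unindented line = key path
            current = keys.setdefault(line.strip(), {})
        elif current is not None:             # indented "name  TYPE  data" row
            parts = re.split(r"\s{2,}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                name, rtype, data = parts
                current[name] = int(data, 16) if rtype == "REG_DWORD" else data
    return keys

# Return (kind, key) pairs that match the registry entries described above.
def find_indicators(text):
    hits = []
    for key, vals in parse_reg_query(text).items():
        low = key.lower()
        if low.startswith(SERVICES):
            if (IMAGE_RE.search(str(vals.get("ImagePath", "")))
                    and vals.get("Type") == 272
                    and str(vals.get("ObjectName", "")).lower() == "localsystem"):
                hits.append(("service", key))
        elif low.startswith(IFEO) and low.rsplit("\\", 1)[1] in WATCHED:
            hits.append(("ifeo", key))
    return hits

# Constructed sample: a legitimate service, one matching the write-up, two IFEO subkeys.
SAMPLE = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\spoolsv.exe
    ObjectName    REG_SZ    LocalSystem
    Type    REG_DWORD    0x110
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spoolerq
    ImagePath    REG_EXPAND_SZ    C:\Windows\System32\spoolsvq.exe srv
    ObjectName    REG_SZ    LocalSystem
    Type    REG_DWORD    0x110
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe"""
print(*find_indicators(SAMPLE), sep="\n")
```

A hit is a lead to review, not a verdict: the check cannot tell whether a service name is a normal name with one letter appended, so compare flagged keys against a known-good baseline.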


Removal Instructions
[How to repair]

1. If you use Windows XP/Me, disable the System Recovery function.

The System Recovery function is disabled so that the virus can be cleaned completely.
See Microsoft technical document Q263455 for more details.

2. Update the engine module to the latest version.
To repair this virus, you need the latest engine.

a. Users of ViRobot products
     - Download the latest engine files from our website (www.hauri.net)

b. Users of other products
     - Use LiveCall (Free Scan) at http://www.livecall.co.kr
     - Use the trial version of a ViRobot product (30 days only)

3. How to scan for the virus.

a. Run your ViRobot, and choose "all files" in scan option.

- ViRobot Expert 4.0 : [Edit] -> [Configuration] -> [Scan] : Check all files
  
- ViRobot Desktop 5.0 : [Tools] -> [Configuration] -> [Virus Scan] : Check all files

- ViRobot Desktop 5.5 : [Tools] -> [Configuration] -> [Virus Scan] : Check all files

- LiveCall (Free Scan) : [Advanced Scan] : Check

b. Repair all viruses detected.

c. If [Auto-repair after rebooting] message shows up, please try to re-scan after rebooting the PC.
Copyright 2008 @ HAURI Inc. All rights reserved.