Backdoor.Win32.S.Agent.49699
Type
Backdoor
Risk level / Spread level
/
Discovery date
[Korea] 0000-00-00 [Foreign] 0000-00-00
ViRobot support
2011-08-09 [Able to detect & repair]

A. Route of Infection

Backdoor.Win32.S.Agent.49699 does not spread on its own; it is downloaded from compromised websites or dropped by other malicious code such as spyware, adware, droppers, etc.

 

B. Symptoms of Infection

1) Backdoor.Win32.S.Agent.49699 is a variant of the Gh0st (ghost) RAT remote administration tool.

2) Backdoor.Win32.S.Agent.49699 runs as a DLL loaded into RUNDLL32.EXE.

[PIC 1] rundll32.exe load

 

3) Backdoor.Win32.S.Agent.49699 establishes persistence by registering itself as a Windows service.

[PIC 2] Service entry added to the registry
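The two persistence symptoms above (a DLL hosted by rundll32.exe and a service whose binary is that rundll32 command line) are visible in ordinary Windows telemetry. The following Python script is an added detection example, not code from the original write-up or from the ViRobot engine: it scans constructed Sysmon process-creation (EventID 1) and System-log new-service (EventID 7045) records and flags rundll32 loading a DLL from outside the system directories, and any new service whose image path invokes rundll32. The DLL path, service name and event records are placeholders constructed for the example; the real sample's names are not given on the page.

```python
"""Flag rundll32-hosted DLLs and rundll32-backed service installs.

Added defender-side example; the event records are constructed and the
file/service names in them are placeholders, not indicators from the sample.
"""
import re
from dataclasses import dataclass

# Directories where a DLL executed through rundll32 is normally expected to live.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# rundll32[.exe] <optional quote><path ending in .dll><optional quote>
_RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",\s]+\.dll)"?', re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    detail: str


def dll_from_cmdline(cmdline: str):
    """Return the DLL path a rundll32 command line loads, or None if not parseable."""
    m = _RUNDLL_RE.search(cmdline)
    return m.group(1) if m else None


def in_system_dir(path: str) -> bool:
    """True when the path sits under System32 or SysWOW64 (case-insensitive)."""
    return path.lower().startswith(SYSTEM_DIRS)


def check_process_event(ev: dict):
    """Sysmon EventID 1: rundll32.exe loading a DLL from a non-system location."""
    if ev.get("EventID") != 1:
        return None
    if not ev.get("Image", "").lower().endswith("rundll32.exe"):
        return None
    dll = dll_from_cmdline(ev.get("CommandLine", ""))
    if dll is None:
        # rundll32 with no recognisable DLL argument is itself worth a look.
        return Finding("rundll32_unparsed_cmdline", ev.get("CommandLine", ""))
    if not in_system_dir(dll):
        return Finding("rundll32_nonsystem_dll", dll)
    return None


def check_service_event(ev: dict):
    """System log EventID 7045: new service whose binary is a rundll32 command line."""
    if ev.get("EventID") != 7045:
        return None
    path = ev.get("ImagePath", "")
    if "rundll32" in path.lower():
        return Finding("service_hosted_by_rundll32", f'{ev.get("ServiceName")} -> {path}')
    return None


def scan(events):
    """Run every check over every event and collect the findings in order."""
    findings = []
    for ev in events:
        for check in (check_process_event, check_service_event):
            f = check(ev)
            if f is not None:
                findings.append(f)
    return findings


# Constructed sample events (placeholder names, not real indicators).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe "C:\Users\Public\update.dll",ServiceMain'},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"EventID": 7045, "ServiceName": "WinHelpSvc",
     "ImagePath": r'rundll32.exe "C:\Users\Public\update.dll",ServiceMain',
     "StartType": "auto start"},
    {"EventID": 7045, "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe", "StartType": "auto start"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule}: {f.detail}")
```

The benign shell32.dll invocation and the Spooler service produce no findings; the two records that mirror the write-up's symptoms (a DLL under a user-writable path hosted by rundll32, and a service whose ImagePath is that rundll32 command) are the only ones flagged. In production the same logic would run over Sysmon and System event exports rather than the inline list.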

 

4) Backdoor.Win32.S.Agent.49699 performs malicious actions such as screen capture, file transfer, keyboard and mouse control, etc.

[PIC 3] Screen capture

[PIC 4] Keyboard and mouse control

[PIC 5] Data transfer

[PIC 6] File transfer type

 

 

5) Backdoor.Win32.S.Agent.49699 appears to connect to a C&C server located in China and carries out additional malicious actions over the remote session.

[PIC 7] Network access

[How to repair]

Repairable by ViRobot engine ver.2011-08-09.03 or above.