Virus Profile: BackDoor-DKI.gen.am

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 9/11/2009
Date Added: 9/11/2009
Origin: N/A
Length: Varies
Type: Trojan
Subtype: Downloader
DAT Required: 5738

Description

This is a generic detection name for trojans that open a backdoor and allow an attacker to issue commands that control the compromised machine.

Indication of Infection

  • Presence of the files listed below,
  • Connections to the remote hosts listed below.

Methods of Infection

  • Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial.
  • Trojans may also be received as a result of poor security practices, or on unpatched machines and vulnerable systems.
  • Distribution channels include IRC, peer-to-peer networks, email, newsgroups postings, etc.


Virus Characteristics

This malware is dropped by malicious PDF files detected under the Exploit-PDF prefix.

It records the keystrokes entered by the user, stores them in a log file, and later attempts to send the stolen data to the attacker.

It may create the following files:

  • %systemroot%\seshutup.exe
  • %systemroot%\seshutup
  • %systemroot%\allowsff.exe
  • %systemroot%\system32\dnsmain.exe

It also writes into the memory of the explorer.exe process, causing it to spawn an iexplore.exe process that opens a backdoor to accept commands and send the stolen information. It tries to connect to:

  • google.vizvaz.com
  • 218.154.22.99

For more information, please refer to http://vil.nai.com/vil/content/v_141085.htm.
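As an added defender-side example that is not part of this profile, the check below encodes the file paths and remote hosts listed above and matches them against observed file paths and DNS/proxy log lines; the sample inputs are constructed, and %systemroot% is assumed to resolve to C:\Windows.

```python
import re

# File paths exactly as listed in the profile (%systemroot% form).
PROFILE_FILES = [
    r"%systemroot%\seshutup.exe",
    r"%systemroot%\seshutup",
    r"%systemroot%\allowsff.exe",
    r"%systemroot%\system32\dnsmain.exe",
]
# Remote hosts the profile says the backdoor contacts.
PROFILE_HOSTS = ["google.vizvaz.com", "218.154.22.99"]

def expand_paths(systemroot=r"C:\Windows"):
    """Resolve %systemroot% (assumed default C:\\Windows) to lower-cased paths."""
    return [p.replace("%systemroot%", systemroot).lower() for p in PROFILE_FILES]

def matching_files(observed_paths, systemroot=r"C:\Windows"):
    """Return observed paths equal to a profile path, compared case-insensitively."""
    wanted = set(expand_paths(systemroot))
    return sorted(p for p in observed_paths if p.lower() in wanted)

# Match a listed host as a whole token: not embedded in a longer name, and not
# 218.154.22.99 as a prefix of a longer address. Trailing-dot FQDNs still match.
_HOST_RE = re.compile(
    r"(?<![\w.-])(" + "|".join(re.escape(h) for h in PROFILE_HOSTS) + r")(?![\w-]|\.\d)",
    re.IGNORECASE,
)

def matching_log_lines(lines):
    """Return (line_number, host) for each DNS/proxy log line naming a profile host."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _HOST_RE.search(line)
        if m:
            hits.append((n, m.group(1).lower()))
    return hits

if __name__ == "__main__":
    # Constructed sample inputs, not real telemetry.
    observed = [r"C:\Windows\System32\dnsmain.exe", r"C:\Windows\notepad.exe"]
    logs = [
        "2009-09-11 10:01:02 client=10.0.0.5 query=google.vizvaz.com",
        "2009-09-11 10:01:03 client=10.0.0.5 dst=218.154.22.99:80 proc=iexplore.exe",
        "2009-09-11 10:01:04 client=10.0.0.6 query=www.example.com",
    ]
    print(matching_files(observed))     # ['C:\\Windows\\System32\\dnsmain.exe']
    print(matching_log_lines(logs))     # [(1, 'google.vizvaz.com'), (2, '218.154.22.99')]
```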

Removal Instructions
AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations