Backdoor.Ayuther
Backdoor.Ayuther is a Trojan that provides remote access so that an attacker can take control of an infected system. It can do further harm by connecting to a remote server to fetch a supplementary configuration file and update itself.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
When Backdoor.Ayuther penetrates a computer, it drops a malicious file under the Windows folder. It then opens a backdoor on port 2627 and communicates with a predefined host. This lets Backdoor.Ayuther carry out the following operations:
- Terminate processes that belong to security applications
- Drop and execute further malicious files, including configuration data that strengthens the Trojan's foothold
- Open a command prompt and run files through it
- Check the version of the infected computer's operating system
- Degrade system performance
To run every time Windows starts, Backdoor.Ayuther creates the following service:
Service Name: Security Network Microsoft
Image Path: %SystemDrive%\System32\svchost.exe -k netsvcs
Note that the image path is the generic Windows service host, which also runs many legitimate services, so the indicator to look for is the service name rather than svchost.exe itself.
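The indicators listed above (the service name, the dropped DLL and port 2627) can be checked from an elevated PowerShell prompt. The script below is an added triage example, not code from the original write-up or from any vendor tool. It assumes that %System% is the default %SystemRoot%\System32 and that, like any svchost-hosted service, this one names the DLL it loads in a ServiceDll value under its Parameters subkey; the write-up does not state which DLL that is.

```powershell
# Added triage script; not part of the original write-up.
# Run from an elevated PowerShell prompt on the suspect host.
$ServiceName = 'Security Network Microsoft'                      # service name from the write-up
$DllPath     = Join-Path $env:SystemRoot 'System32\dssemh.dll'   # assumes %System% = %SystemRoot%\System32
$Port        = 2627                                              # backdoor port from the write-up
$findings    = @()

# 1. Persistence: the service entry. Its ImagePath is the generic service host
#    (svchost.exe -k netsvcs), so the service name is the indicator, not the binary.
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (Test-Path -LiteralPath $svcKey) {
    $props = Get-ItemProperty -LiteralPath $svcKey
    $findings += "Service '$ServiceName' registered; ImagePath = $($props.ImagePath)"
    # Assumption: as for any svchost-hosted service, the DLL it loads is named in
    # Parameters\ServiceDll. The write-up does not say which DLL this is.
    $params = Get-ItemProperty -LiteralPath "$svcKey\Parameters" -ErrorAction SilentlyContinue
    if ($params.ServiceDll) { $findings += "  ServiceDll = $($params.ServiceDll)" }
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($svc) { $findings += "  Status     = $($svc.Status)" }
}

# 2. Dropped file. Get-FileHash needs PowerShell 4 or later; on older hosts use
#    "certutil -hashfile <path> SHA256" instead.
if (Test-Path -LiteralPath $DllPath) {
    $hash = (Get-FileHash -LiteralPath $DllPath -Algorithm SHA256).Hash
    $findings += "File present: $DllPath (SHA256 $hash)"
}

# 3. Network: any socket on port 2627, with the owning process. netstat -ano is
#    used instead of Get-NetTCPConnection so the check also works on the older
#    Windows versions listed as affected.
$sockets = netstat -ano | Select-String -Pattern ":$Port\s"
foreach ($line in $sockets) {
    $fields   = $line.Line.Trim() -split '\s+'
    $ownerPid = [int]$fields[-1]                 # PID is the last column of netstat -ano
    $proc     = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
    $name     = if ($proc) { $proc.ProcessName } else { 'unknown' }
    $findings += "Socket: $($line.Line.Trim()) -> pid $ownerPid ($name)"
}

if ($findings.Count -eq 0) { "No Backdoor.Ayuther indicators found." } else { $findings }
```

A socket on port 2627 by itself is weak evidence, since any application may happen to use that port; treat it as a hit only together with the service entry or the DLL. A socket owned by a svchost.exe process is consistent with the service described above, because the Trojan's code runs inside that host process rather than in a binary of its own.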
Distribution
This Trojan typically reaches a target system by exploiting security holes in the operating system or in installed software, which it uses both to gain access to the computer and to hide from the installed anti-virus application.
Backdoor.Ayuther is also spread by other means, such as spam email, other Trojans that download it, and fake software updates.
Associated Files and Folders:
%System%\dssemh.dll
How to Remove Backdoor.Ayuther
1. Temporarily disable System Restore (Windows Me/XP), so that infected files are not preserved in a restore point.
2. Update your antivirus application's virus definitions so that it can identify even the most recent variant of Backdoor.Ayuther.
3. Start Windows in Safe Mode with Networking.
- From a powered-off state, turn on the computer and press F8 repeatedly.
- When the Windows Advanced Boot Options menu appears, select Safe Mode with Networking.
- Windows then boots with only the necessary drivers and files loaded, so the Trojan's service and the processes it launches are less likely to be running.
4. Open your antivirus program and run a full system scan. When the scan finishes, delete all infected items; if an item cannot be deleted, quarantine it instead. Then proceed with the next step.
Scan with Norton Power Eraser:
Norton Power Eraser (NPE) is a free tool from Symantec whose deep scanning technology detects and removes threats such as Backdoor.Ayuther, including threats that a regular virus scan fails to identify. NPE is available from Symantec.
Important! Because of Norton Power Eraser's aggressive method, it can flag even legitimate files as suspicious. Review each detection before removing it.
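If a scan still leaves the service or the dropped DLL in place, the persistence named in this write-up can be removed by hand. The script below is an added example, not code from the original page or from any vendor; it assumes that %System% is %SystemRoot%\System32 and that, as for any service run with svchost.exe -k netsvcs, the service name is also listed in the netsvcs group under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost. Run it from an elevated PowerShell prompt, preferably in Safe Mode (step 3 above) so that the Trojan is not running and killing tools.

```powershell
# Added manual-removal script; not part of the original write-up.
# Run from an elevated PowerShell prompt, preferably in Safe Mode, after the scan.
$ServiceName = 'Security Network Microsoft'                      # service name from the write-up
$DllPath     = Join-Path $env:SystemRoot 'System32\dssemh.dll'   # assumes %System% = %SystemRoot%\System32
$SvcKey      = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
$GroupKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'

# 1. Stop and delete the service. Stopping it first makes svchost.exe unload the
#    DLL; a DLL that is still mapped into a process cannot be deleted.
if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
    Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
    sc.exe delete "$ServiceName" | Out-Null   # sc.exe ships with Windows 2000 and later
    "Service '$ServiceName' removed."
}

# 2. A service run as "svchost.exe -k netsvcs" is also named in the netsvcs group
#    value (assumption stated in the lead-in); drop it there so svchost.exe stops
#    trying to load it.
$group = Get-ItemProperty -LiteralPath $GroupKey -ErrorAction SilentlyContinue
if ($group -and ($group.netsvcs -contains $ServiceName)) {
    $kept = @($group.netsvcs | Where-Object { $_ -ne $ServiceName })
    Set-ItemProperty -LiteralPath $GroupKey -Name netsvcs -Value $kept -Type MultiString
    "Removed '$ServiceName' from the netsvcs group."
}

# 3. Delete the dropped DLL. If it is still locked, queue it for deletion at the
#    next reboot through PendingFileRenameOperations (a source path followed by
#    an empty destination means "delete"). Existing entries are preserved.
if (Test-Path -LiteralPath $DllPath) {
    try {
        Remove-Item -LiteralPath $DllPath -Force -ErrorAction Stop
        "Deleted $DllPath."
    } catch {
        $smKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
        $pending = @()
        $current = (Get-ItemProperty -LiteralPath $smKey -ErrorAction SilentlyContinue).PendingFileRenameOperations
        if ($current) { $pending += $current }
        $pending += "\??\$DllPath"
        $pending += ''
        Set-ItemProperty -LiteralPath $smKey -Name PendingFileRenameOperations -Value $pending -Type MultiString
        "$DllPath is locked; it will be deleted at the next reboot."
    }
}
```

The script matches the service by its exact name and touches nothing else, so it will not remove a legitimate svchost.exe or any other netsvcs member. Reboot afterwards and re-run the antivirus scan; if the service reappears, another component the write-up does not name is recreating it and the host should be rebuilt rather than cleaned.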