Backdoor.Cimuz is a Trojan that may allow a remote attacker to gain unauthorized access to the compromised system. Backdoor.Cimuz steals sensitive information such as user names and passwords via its key-logging capability. The Trojan also gathers system information such as the operating system version, processor speed, system folder, upload folder and system uptime.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of Backdoor.Cimuz:
1. If using Windows 7/Vista/Me/XP, System Restore must be disabled to prevent the threat from restoring itself. [Windows XP System Restore] [System Restore in Windows Vista/7]
2. Update the virus definitions.
3. Reboot computer in Safe Mode.
4. Run a full system scan and clean/delete all infected files.
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart the computer.
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without relying on traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.
Online Virus Scanner:
Another way to remove a virus from a computer without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, which can be found here or on the websites of legitimate computer security providers.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- The Trojan can run itself when Windows is started by placing an entry in the registry.
- It can install itself as a Layered Service Provider (LSP).
- It opens a backdoor on the infected computer that is able to intercept user names and passwords.
Malicious Files Added by Backdoor.Cimuz
%Temp%\~[RANDOM ALPHANUMERIC CHARACTERS].tmp
%System%\[RANDOM ALPHANUMERIC CHARACTERS].tbl
%System%\msafd[TWO RANDOM NUMBERS].dll
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\mswsock32\"PathName" = "C:\WINDOWS\system32\msafd[TWO RANDOM NUMBERS].dll"
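As an added check (example code, not part of the original write-up), the following PowerShell script hunts for the file and registry indicators listed above. It assumes standard Windows tooling (the HKLM: drive and netsh winsock show catalog) and the file-name patterns exactly as the page gives them; msafd.dll without digits is a legitimate Windows Winsock provider, so the script matches exactly two digits.

```powershell
# Added detection check for the Backdoor.Cimuz artifacts described on this page:
# the msafd<two digits>.dll LSP in System32, the .tbl data files, the
# WinSock2\mswsock32 "PathName" registry value, and any Winsock catalog provider
# that points at such a DLL. Run from an elevated prompt.
# Assumption: netsh and the HKLM: path syntax are standard Windows tooling,
# not something the page itself describes.

$system32 = Join-Path $env:SystemRoot 'System32'
$findings = New-Object System.Collections.Generic.List[string]

# 1. Dropped LSP DLL. msafd.dll (no digits) is a legitimate Windows component,
#    so require exactly two digits to avoid a false positive on it.
Get-ChildItem -Path $system32 -Filter 'msafd*.dll' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^msafd\d{2}\.dll$' } |
    ForEach-Object { $findings.Add("LSP DLL matching page IoC: $($_.FullName)") }

# 2. Data file dropped as <random>.tbl in System32. Low confidence on its own:
#    review each hit manually rather than deleting blindly.
Get-ChildItem -Path $system32 -Filter '*.tbl' -File -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Possible data file (.tbl): $($_.FullName)") }

# 3. The registry value named on the page.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\mswsock32'
if (Test-Path -Path $key) {
    $pathName = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).PathName
    if ($pathName) { $findings.Add("WinSock2\mswsock32 PathName = $pathName") }
}

# 4. Winsock catalog: any registered provider whose path is msafd<two digits>.dll.
$catalog = netsh winsock show catalog 2>$null
$catalog | Select-String -Pattern 'msafd\d{2}\.dll' |
    ForEach-Object { $findings.Add("Winsock catalog provider: $($_.Line.Trim())") }

if ($findings.Count -gt 0) {
    Write-Warning "Backdoor.Cimuz indicators found ($($findings.Count)):"
    $findings | ForEach-Object { Write-Output "  $_" }
} else {
    Write-Output 'No Backdoor.Cimuz indicators found.'
}
```

If the catalog check reports a hit, a clean re-scan in Safe Mode followed by rebuilding the Winsock catalog is the usual remediation path; the script only reports and never deletes anything.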
Alternative Removal Method for Backdoor.Cimuz
Option 1: Use Windows System Restore to return Windows to a previous state
If Backdoor.Cimuz enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved from before Backdoor.Cimuz infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. To proceed with Windows System Restore, click here to see the full procedure.