Backdoor.Cimuz

Backdoor.Cimuz is a Trojan that may allow a remote attacker to gain unauthorized access to the compromised system. Backdoor.Cimuz steals sensitive information such as user names and passwords via its key-logging capability. The Trojan also gathers information such as the operating system version, processor speed, system folder, upload folder and system uptime.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Backdoor.Cimuz:

1. If using Windows 7/Vista/Me/XP, System Restore must be disabled to prevent the threat from restoring itself. [Windows XP System Restore] [System Restore in Windows Vista/7]
2. Update the virus definitions.
3. Reboot the computer in Safe Mode [how to]
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/Modify any values added to the registry. [how to edit registry]
6. Exit registry editor and restart the computer.

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Online Virus Scanner:
Another way to remove a virus from a computer without installing an additional anti-virus application is to perform a thorough scan with a free Online Virus Scanner, which can be found here or on the web sites of legitimate computer security providers.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- The Trojan can run itself when Windows is started by placing an entry in the registry.
- It can install itself as a Layered Service Provider (LSP), which lets it sit in the Winsock stack and see network traffic of other applications.
- It opens a backdoor on the infected computer that can intercept user names and passwords.

Malicious Files Added by Backdoor.Cimuz
%Temp%\~[RANDOM ALPHANUMERIC CHARACTERS].tmp
%System%\[RANDOM ALPHANUMERIC CHARACTERS].tbl
%System%\c_20870.nls
%System%\msafd[TWO RANDOM NUMBERS].dll

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\mswsock32\"PathName" = "C:\WINDOWS\system32\msafd[TWO RANDOM NUMBERS].dll"
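The file and registry indicators listed above can be turned into a small triage matcher. The following Python is an added example, not part of this write-up or of any vendor tool; it assumes file paths have been collected from a host (or, as here, constructed) and mapped onto the %Temp% / %System% placeholders the write-up uses. Note that the legitimate Winsock provider is named msafd.dll with no digit suffix, which is what the two-digit pattern keys on.

```python
import re
from typing import Iterable

# Indicator patterns from the write-up. Directory prefixes use the %Temp% /
# %System% placeholders so the matcher can run on a path list from any host.
CIMUZ_FILE_INDICATORS = {
    # Low-confidence: random-named temp/table files are noisy on their own
    # and should be corroborated by the .nls file or the LSP DLL.
    "temp_tmp":   re.compile(r"^%Temp%\\~[A-Za-z0-9]+\.tmp$", re.I),
    "system_tbl": re.compile(r"^%System%\\[A-Za-z0-9]+\.tbl$", re.I),
    # Higher-confidence: fixed file name and the two-digit LSP DLL scheme.
    "nls_file":   re.compile(r"^%System%\\c_20870\.nls$", re.I),
    "lsp_dll":    re.compile(r"^%System%\\msafd\d{2}\.dll$", re.I),
}

# The PathName value under the WinSock2 service key, as given in the write-up.
LSP_VALUE_PATTERN = re.compile(r"\\msafd\d{2}\.dll$", re.I)


def normalize(path: str, system_dir: str, temp_dir: str) -> str:
    """Map a concrete path onto the %System% / %Temp% placeholders."""
    low = path.lower()
    for prefix, token in ((system_dir.lower(), "%System%"), (temp_dir.lower(), "%Temp%")):
        prefix = prefix.rstrip("\\")
        if low.startswith(prefix + "\\"):
            return token + path[len(prefix):]
    return path


def match_file_indicators(paths: Iterable[str]) -> list[tuple[str, str]]:
    """Return (path, indicator_name) for every path matching a Cimuz pattern."""
    hits = []
    for p in paths:
        for name, rx in CIMUZ_FILE_INDICATORS.items():
            if rx.match(p):
                hits.append((p, name))
    return hits


def lsp_pathname_is_suspicious(pathname: str) -> bool:
    """True if a WinSock2 PathName value points at msafdNN.dll (two digits)."""
    return LSP_VALUE_PATTERN.search(pathname.strip('"')) is not None


# Constructed sample inventory (not from a real host): two benign files, three
# Cimuz-style artefacts, and one near-miss DLL with a single digit.
SAMPLE_PATHS = [
    r"%System%\kernel32.dll", r"%Temp%\report.docx", r"%Temp%\~a7Fq9Z.tmp",
    r"%System%\c_20870.nls", r"%System%\msafd47.dll", r"%System%\msafd4.dll",
]

if __name__ == "__main__":
    for path, ind in match_file_indicators(SAMPLE_PATHS):
        print(f"{ind:10s} {path}")
    print(lsp_pathname_is_suspicious(r"C:\WINDOWS\system32\msafd47.dll"))
```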
