Backdoor.Dipigger
Backdoor.Dipigger is a Trojan that will give remote attacker an access to infected system. It will also allow an attacker to run arbitrary commands remotely resulting to additional harm.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista, Windows 7
Characteristics
When Backdoor.Dipigger is executed, it will drop several files inside Windows directory. These malicious files are essential to Trojans operation. To execute the file on Windows start-up, Backdoor.Dipigger will create a registry entry and add subkey to an existing one:
- HKEY_LOCAL_MACHINE\SOFTWARE\XXX_[eight random alpha-numeric characters]
One the Trojan is operational, it will create a backdoor to allow a remote attacker in performing the following:
- Explore infected computer’s files and folders
- Take screen shot image
- View the list of running processes Steal sensitive information by recording key strokes
Next, Backdoor.Dipigger will attempt to communicate to predefined remote computers/servers to download more threats and update itself.
Distribution
Backdoor.Dipigger normally arrives as a threat dropped by another Trojan. It may also acquire from maliciously created web sites or legitimate web sites that are compromised by a Trojan.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"XXX_[EIGHT RANDOM HEXADECIMAL CHARACTERS]" = "[PATH TO TROJAN EXECUTABLE]"Associated Files and Folders:
%Windir%\Temp\conhost.exe %Windir%\Temp\dllhost.exe %Windir%\Temp\mstsc.exe %Windir%\erdsas.exe
How to Remove Backdoor.Dipigger
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To be able to identify even the most recent variant of Backdoor.Dipigger, open your antivirus application and update the virus definition file.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Scan with Norton Power Eraser:
Free tool from Symantec called Norton Power Eraser provides deep scanning technology to detect and remote threats like Backdoor.Dipigger. NPE targets and eliminate threats that regular virus scan fails to identify. Download NPE here.
Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.