Backdoor.Esion
This page contains detailed analysis on Backdoor.Esion. To get rid of this backdoor Trojan, please use the removal guide below.
Backdoor.Esion is a deadly computer Trojan that will open a backdoor on infected computer and steal confidential information. This Trojan is found to be a component of a bot network that is currently utilized to execute a distributed denial of service attack. The attack is also known as DDOS.
Damage Level: Medium
Systems Affected: Windows 9x/ME , 2000, Windows XP, Windows Vista
Characteristics
Upon execution, Backdoor.Esion will create files containing malicious code under various folders on the computer. Please see Related Files and Folders section. The Trojan will also configure itself to run when Windows starts. Adding its own entry to the Windows registry allows the Trojan to load on itself by calling the executable file on start-up process. It allows a remote attacker to gain access on the infected computer through a backdoor port. After securing the connection, Trojan will steal certain information and sends it to a specified server. It also sends vital computer and Trojan information to the same server and register the infected computer as member of the bot network.
To perform other tasks including DDOS, Backdoor.Esion will receive an HTTP commands from a remote host, which will trigger the attack.
Distribution
Backdoor.Esion can spread in several ways using the Internet as its gateway towards a target computer. It often arrives as an attached file to spam email messages. The file may disguise as document or image file sent by a trusted contact. There are also instances that another virus will download and execute this threat onto the computer. Once it infects a PC, it was not designed to spread on a local network.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\"Windows Pc Driver" = "%UserProfile%\Application Data\Realhost.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"Windows-Network" = "%System%\Host.exe" HKEY_USERS\.default\Software\Microsoft\Windows\ShellNoRoam\MUICache \"@netcfgx.dll,-50001" = "Transmission Control Protocol\Internet Protocol.Associated Files and Folders:
%System%\Host.exe %Temp%\Perflib_Perfdata_690.dat %UserProfile%\Application Data\Realhost.exe
How to Remove Backdoor.Esion
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To identify even the most recent variant of Backdoor.Esion, open your antivirus application and update the virus definitions.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- System will boot Windows loading only necessary drivers and system files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete please proceed with the next step.
Scan with Norton Power Eraser:
Free tool from Symantec called Norton Power Eraser provides deep scanning technology to detect and remote threats like Backdoor.Esion. NPE targets and eliminate threats that regular virus scan fails to identify. Download NPE here.
Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.