Contents of this article pertain to Backdoor.Finfish. This page includes description, technical aspects, and removal guide to delete the threat from your computer.
Backdoor.Finfish is a computer Trojan that may give remote attacker an access onto the infected system. Via this connection, Trojan author may control the compromised computer and gather sensitive data including user name and password. Moreover, Backdoor.Finfish will drop huge amount of files into the infected computer.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista/7
Once Backdoor.Finfish is executed on the computer, it will create vast amount of files. The files contain both clean and malicious components are placed on Temp folder of Windows and UserProfile. See technical details section for a list of these files. Next, the threat will make a registry subkey for Windows, which has a special purpose for Trojan’s operation.
When running inside the computer, Backdoor.Finfish establishes a port that will allow a remote attacker to gain control on the infected PC. This port may also be used to monitor the computer and steal sensitive data, which will be saved as a text or log file.
The Trojan then attempts to connect to specific command-and-control (C&C) servers to perform the following actions:
- Inform Trojan author of the successful attack
- Receive commands from a remote attacker
- Download configuration file and updates itself
- Upload stolen information
Backdoor.Finfish spreads through a number of means ordinarily employs by other similar threats. Recent findings show that malicious links will direct victims to Trojan download page. These links may reach user via spam email messages, instant messaging program and malicious blogs that discuss most recent news and topics.
As you can see on the image below, effective antivirus program can detect and quarantine Backdoor.Finfish. Real-time protection helps prevent infection by identifying the threat before it can enter the computer.
How to Remove Backdoor.Finfish
1. Temporarily Disable System Restore if you are using Windows XP. For Windows Vista/7 users, you may use System Restore to return Windows to a previous clean state. However, you must have a saved restore points to accomplish this. Otherwise, proceed with the removal process.
2. Open your antivirus application and update the virus definitions. This method ensures that your antivirus program can detect even newer variants of Backdoor.Finfish .
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- System will boot Windows loading only necessary drivers and system files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Online Virus Scanner:
Another way to remove Backdoor.Finfish without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found on websites of legitimate anti-virus and security provider.
5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished, you may now restart the computer in normal mode.
Automatic Removal of Backdoor.FinfishIn order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.
Alternative Removal Method for Backdoor.Finfish
Option 1 : Use Windows System Restore to return Windows to previous state
If Backdoor.Finfish enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Backdoor.Finfish infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.
Option 2 : Backdoor.Finfish manual uninstall guide
IMPORTANT! Manual removal of Backdoor.Finfish requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.
1. Kill any running process that belongs to Backdoor.Finfish.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Backdoor.Finfish files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by Backdoor.Finfish.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.