Backdoor.Layork

This page contains a detailed analysis of Backdoor.Layork. To remove this Trojan, use the removal guide below.

Backdoor.Layork is a backdoor Trojan that allows a remote attacker to gain access to the compromised computer and steal confidential information such as user names and passwords. Backdoor.Layork may send the gathered information to a remote computer or to predefined web sites.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
When the Trojan is executed, it drops multiple files into different folders (see Associated Files and Folders below). It also adds an entry to the Windows registry so that the Trojan runs every time Windows starts.

Once running on the computer, Backdoor.Layork connects to a remote site and starts uploading the stolen data. An attacker can then use this data for further malicious online activity.

Distribution
This kind of Trojan spreads through file-sharing networks and peer-to-peer connections. In most cases, the Backdoor.Layork author embeds the code into executable files that users may download from a public server. The Trojan also attempts to conceal itself from anti-virus software. Spam email messages are also used to distribute Backdoor.Layork to indiscriminate targets; it may arrive as an attachment posing as a valid document or a useful program.

Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load" = "%UserProfile%\Application Data\WININI~1.EXE"
Associated Files and Folders:
%UserProfile%\Application Data\Microsoft\wininit.dll
%UserProfile%\Application Data\Microsoft\wininit32.exe
C:\Documents and Settings\All Users\Application Data\ntuser32.dat

How to Protect Computer From Backdoor.Layork

Internet Precautions:
- Configure email clients to block incoming emails that contain attached files with .vbs, .bat, .exe, .pif and .scr extensions.
- Be cautious when opening e-mail attachments. Spam messages that pretend to come from a known source may carry infected attachments.
- Never click on a suspicious link sent through instant messaging programs.

How to Remove Backdoor.Layork

1. Temporarily disable System Restore (Windows Me/XP), so that infected files cannot be restored from a restore point after cleanup.
2. Open your antivirus application and update the virus definitions. Up-to-date definitions improve the chance that the program also detects newer variants of Backdoor.Layork.

3. Start Windows in Safe Mode with Networking.
- From a powered-off state, turn on the computer and press F8 repeatedly.
- The computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will boot loading only the necessary drivers and system files, which keeps the Trojan's autostart entry from being executed.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If an item cannot be deleted, quarantine it instead. Once the scan is complete, proceed with the next step.

Online Virus Scanner:

Another way to remove Backdoor.Layork without installing an additional antivirus application is to perform a thorough scan with a free online virus scanner offered on the website of a legitimate anti-virus or security provider.

5. Go to the online virus scanner of your choice and run a virus scan. This may require a plug-in, add-on or ActiveX object; install it only if it is offered by the scanner vendor's own site and you want to proceed with the scan.
6. After the necessary download has completed, the system is ready for online virus scanning.
7. Select a full or thorough scan option so that the scanner finds and removes any infections the previous scan missed.
8. Remove or delete all detected items.
9. Once the scan has finished, restart the computer in normal mode.
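The registry value and files listed under Added Registry Entries and Associated Files and Folders above are the artifacts a scanner should have removed. The following PowerShell script is an added example, not part of the original page or of any vendor's removal tool: it checks those specific artifacts so that you can confirm the infection before step 1 and verify after step 9 that nothing came back. It assumes PowerShell 2.0 or later, that $env:APPDATA resolves to "%UserProfile%\Application Data" on XP (and to ...\AppData\Roaming on Vista and later), and that $env:ALLUSERSPROFILE\Application Data and $env:ProgramData are the XP-era and Vista-era locations of "All Users\Application Data" respectively.

```powershell
# Added example (not from the original page): check for the Backdoor.Layork
# artifacts listed in the "Added Registry Entries" and "Associated Files and
# Folders" sections. Run before cleanup to confirm the infection and again
# after step 9 to verify the removal.
# Assumptions: PowerShell 2.0+; $env:APPDATA is "%UserProfile%\Application Data"
# on XP and "...\AppData\Roaming" on Vista and later; $env:ALLUSERSPROFILE /
# $env:ProgramData hold the "All Users\Application Data" equivalent.

$ErrorActionPreference = 'SilentlyContinue'

# The "load" value is a legitimate autostart location that is normally empty
# or absent, so any executable named there deserves a close look.
$loadKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$load    = (Get-ItemProperty -Path $loadKey).load

if ($load) {
    Write-Warning "Autostart value present: $loadKey\load = $load"
    # Expand %UserProfile% and friends, then check whether the target exists.
    $target = [Environment]::ExpandEnvironmentVariables($load.Trim('"'))
    if (Test-Path -LiteralPath $target) {
        Write-Warning "  -> target exists: $target"
    } else {
        Write-Warning "  -> target missing (dangling autostart entry; remove the value)"
    }
} else {
    Write-Host "No 'load' autostart value set (expected on a clean system)."
}

# Files named on this page. The 8.3 name WININI~1.EXE from the registry value
# is already covered by the $load check above.
$artifacts = @(
    (Join-Path $env:APPDATA 'Microsoft\wininit.dll'),
    (Join-Path $env:APPDATA 'Microsoft\wininit32.exe'),
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\ntuser32.dat')
)
if ($env:ProgramData) {
    # Vista and later: "All Users\Application Data" is a junction to ProgramData.
    $artifacts += Join-Path $env:ProgramData 'ntuser32.dat'
}

foreach ($path in $artifacts) {
    if ($path -and (Test-Path -LiteralPath $path)) {
        $item = Get-Item -LiteralPath $path -Force
        Write-Warning ("Artifact found: {0} ({1} bytes, modified {2})" -f `
            $path, $item.Length, $item.LastWriteTime)
        # Get-FileHash needs PowerShell 4+; the hash can be submitted to the AV vendor.
        if (Get-Command Get-FileHash) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            Write-Warning "  SHA256: $hash"
        }
    } else {
        Write-Host "Not present: $path"
    }
}
```

Run the script from an ordinary (non-elevated) prompt of the affected user account, since the registry value lives under HKEY_CURRENT_USER and the files sit in that user's profile. A non-empty "load" value or any of the listed files still present after step 9 means the cleanup is incomplete and the scan should be repeated; note that a legitimate wininit.exe exists only under %SystemRoot%\System32 on Vista and later, never under Application Data.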

What to do next...