Backdoor.Odivy
Backdoor.Odivy usually spreads as an email attachment: a compressed 7z or RAR self-extracting (SFX) executable. Once run, Backdoor.Odivy injects malicious code into the user's default Internet browser, exposing the system to a remote administration tool. With this component in place, a remote attacker gains control of the compromised system.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
How to Remove Backdoor.Odivy:
FIRST AID TO STOP Backdoor.Odivy:
Backdoor.Odivy's ability to edit the Windows registry and modify the settings of the default web browser will produce a high level of annoyance on the computer. These actions may also lead to further malicious activity, including browser redirects, stolen credentials and system instability.
The first step to restore the computer to its normal working state is to run System Restore. This will undo the unwanted changes made by Backdoor.Odivy.
MANUAL REMOVAL OF Backdoor.Odivy:
1. If an anti-virus program is present, update the definition file.
2. Reboot Windows in Safe Mode.
- After turning on the power, press F8 on the keyboard.
- From the menu, select Safe Mode.
3. Run a full system scan and clean/delete all infected file(s).
4. Delete/Modify any values added to the registry if present.
- To edit the registry, click on Start. Search or Run regedit.exe.
Note: For a complete guide on Safe Mode and Registry Editor, please see tutorial links on the sidebar.
5. Exit registry editor and restart Windows.
ADDITIONAL TOOLS AND PROGRAMS:
Scan with Norton Power Eraser:
Norton Power Eraser is a free removal tool from Norton Antivirus, developed to remove viruses and unfamiliar threats without relying on traditional AV signatures. Download the tool from this location and scan the computer for viruses.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- Backdoor.Odivy configures itself to run every time Windows starts.
- The Trojan can open a backdoor on the infected computer and connect to a remote location using TCP port 80.
- It accepts commands from a remote attacker and can steal sensitive information.
Malicious Files Added by Backdoor.Odivy:
%CommonProgramFiles%\ODBC\ODUBC.DLL
%System%\jql.sys
%System%\winsys.exe
%Temp%\happiness.txt
%Temp%\xxxx.exe
File Location for Windows Versions:
- %System% refers to the Windows system folder, which for all versions of Windows is located under C:\Windows\System32.
- %Temp% refers to C:\Windows\Temp\.
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{34DED0E2-8B26-67FC-4718-B8C8A145ADB6}\"StubPath" = "%System%\winsys.exe"
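The following PowerShell script is an added triage check, not part of the original page: it looks for the files and the Active Setup registry entry listed above and reports what it finds without changing anything. It assumes %System% is C:\Windows\System32 and checks both the user's %Temp% and C:\Windows\Temp, since the page names the latter.

```powershell
# Added example (not from the original page): read-only check for the
# Backdoor.Odivy artifacts listed above. Run from an elevated prompt so
# HKLM and the System32 folder are readable. Nothing is deleted.

# File paths from the page. %System% is taken as C:\Windows\System32 as the
# page states; %Temp% is checked as both the user temp and C:\Windows\Temp.
$system = Join-Path $env:SystemRoot 'System32'
$tempDirs = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp')) | Select-Object -Unique
$paths = @(
    (Join-Path $env:CommonProgramFiles 'ODBC\ODUBC.DLL'),
    (Join-Path $system 'jql.sys'),
    (Join-Path $system 'winsys.exe')
)
foreach ($t in $tempDirs) {
    $paths += (Join-Path $t 'happiness.txt')
    $paths += (Join-Path $t 'xxxx.exe')
}

$findings = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $item = Get-Item -LiteralPath $p
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type   = 'File'
            Name   = $p
            Detail = '{0} bytes, SHA256 {1}' -f $item.Length, $hash
        }
    }
}

# Active Setup persistence entry from the page; the CLSID is the one listed above.
$key = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{34DED0E2-8B26-67FC-4718-B8C8A145ADB6}'
if (Test-Path -LiteralPath $key) {
    $stub = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).StubPath
    $findings += [pscustomobject]@{
        Type   = 'Registry'
        Name   = $key
        Detail = "StubPath = $stub"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed Backdoor.Odivy artifacts were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Treat a hit on the registry key as the stronger signal: Active Setup entries run their StubPath at the next user logon, so the key should be removed along with the file it points to.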