Backdoor.Pirpi

Backdoor.Pirpi is a Trojan that will allow a remote attacker to gain access on the infected computer. Backdoor.Pirpi will take advantage of the Microsoft Internet Explorer CSS Tags Remote Code Execution Vulnerability to infect a computer.

Technical Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Backdoor.Pirpi:

1. Temporarily Disable System Restore.
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected files.
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart Windows.

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- Connects to a remote server
- Downloads malicious .GIF files
- Set and display configuration data
- Execute commands using cmd.exe

Malicious Files Added by Backdoor.Pirpi:
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\ctfmon.exe
%System%\msnetacsvc.dll
%System%\mswncwsrvt.dll

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shell Folders\Common Startup = “%CommonPrograms%”

Alternative Removal Method for Backdoor.Pirpi

Option 1 : Use Windows System Restore to return Windows to previous state

If Backdoor.Pirpi enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Backdoor.Pirpi infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.