Backdoor.Pirpi is a Trojan that allows a remote attacker to gain access to the infected computer. Backdoor.Pirpi takes advantage of the Microsoft Internet Explorer CSS Tags Remote Code Execution Vulnerability to infect a computer.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of Backdoor.Pirpi:
1. Temporarily Disable System Restore.
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected files.
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart Windows.
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without relying on traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.
Technical Details and Additional Information:
Other functionalities of this Trojan:
– Connects to a remote server
– Downloads malicious .GIF files
– Sets and displays configuration data
– Executes commands using cmd.exe
Malicious Files Added by Backdoor.Pirpi:
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\ctfmon.exe
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup = "%CommonPrograms%"
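The two persistence artifacts listed above (the ctfmon.exe copy in the all-users Startup folder and the altered Shell Folders value) can be checked from an elevated PowerShell prompt. This is an added example, not part of the original write-up; it assumes the legitimate ctfmon.exe lives in %SystemRoot%\System32 and that a healthy "Common Startup" value is a real path ending in \Startup rather than an unexpanded %...% token.

```powershell
# Added example: report Backdoor.Pirpi persistence artifacts described above.
# Assumption: the genuine ctfmon.exe is %SystemRoot%\System32\ctfmon.exe.
$findings = @()

# 1. The dropped file: ctfmon.exe inside the all-users Startup folder.
$commonStartup = [Environment]::GetFolderPath('CommonStartup')
$dropped       = Join-Path $commonStartup 'ctfmon.exe'
if (Test-Path -LiteralPath $dropped) {
    $legit     = Join-Path $env:SystemRoot 'System32\ctfmon.exe'
    $dropHash  = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
    $legitHash = if (Test-Path -LiteralPath $legit) {
        (Get-FileHash -LiteralPath $legit -Algorithm SHA256).Hash
    } else { 'n/a' }
    $sig = Get-AuthenticodeSignature -LiteralPath $dropped
    $findings += [pscustomobject]@{
        Check  = 'Startup folder'
        Detail = "ctfmon.exe found in '$commonStartup'; SHA256 $dropHash; " +
                 "matches System32 copy: $($dropHash -eq $legitHash); " +
                 "Authenticode status: $($sig.Status)"
    }
}

# 2. The Shell Folders value: Common Startup should be an expanded path
#    ending in \Startup, not a literal token such as "%CommonPrograms%".
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$value = (Get-ItemProperty -Path $key -Name 'Common Startup' `
              -ErrorAction SilentlyContinue).'Common Startup'
if ($value -and ($value -like '*%*' -or $value -notlike '*\Startup')) {
    $findings += [pscustomobject]@{
        Check  = 'Shell Folders'
        Detail = "Common Startup = '$value' (expected a path ending in \Startup)"
    }
}

if ($findings.Count -eq 0) {
    'No Backdoor.Pirpi persistence artifacts found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A file that is present but hashes identically to the System32 copy is still out of place, since ctfmon.exe has no business in the Startup folder; treat any hit as something to investigate before following the removal steps above.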