Backdoor.Riken

Backdoor.Riken is a Trojan that arrives on the computer by exploiting an Adobe Acrobat PDF vulnerability. Once running, Backdoor.Riken can open a backdoor on the infected computer that allows a remote attacker to gain access.

Technical Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Backdoor.Riken:

1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry.
6. Exit the registry editor and restart Windows.

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- Download and execute files
- Block Internet access
- Redirect predefined URL to other web sites
- Embed snippets to online banking web sites to steal information

Malicious Files Added by Backdoor.Riken:
%System%\svcvc.exe
%System%\UsbStorageLog.txt

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"SamPs" = "C:\WINDOWS\system32\svcvc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"C:\WINDOWS\system32\svcvc.exe" = "C:\WINDOWS\system32\svcvc.exe:*:Enabled:svcvc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Window\"monstate" = "ID"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Window\"KeyKill" = "ID"
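An added offline check, not part of this write-up, that parses a `reg export` file for the registry indicators listed above (key and value names are taken from the page; the sample export and the extra rule that flags any Run value pointing at svcvc.exe regardless of its name are constructed assumptions):

```python
import re

# Registry indicators quoted from the write-up: key -> value names.
RIKEN_INDICATORS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {"SamPs"},
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
    r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List": {r"C:\WINDOWS\system32\svcvc.exe"},
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Window": {"monstate", "KeyKill"},
}
DROPPED_FILE = "svcvc.exe"  # dropped into %System% per the write-up
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data

def _unescape(s):  # .reg syntax escapes backslashes and quotes
    return s.replace('\\"', '"').replace("\\\\", "\\")

def parse_reg_export(text):
    """Parse the .reg subset we need ([Key] headers, "name"=data lines)
    into {key: {value_name: data}}."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries.setdefault(current, {})
        elif current is not None and (m := _VALUE_RE.match(line)):
            entries[current][_unescape(m.group(1))] = _unescape(m.group(2).strip().strip('"'))
    return entries

def find_riken_indicators(entries):
    """Return [(key, value_name, data)] hits. Registry names are case-insensitive, so
    compare lowered; any Run value pointing at the dropped file is flagged as well."""
    hits, lowered = [], {k.lower(): (k, v) for k, v in entries.items()}
    for key, names in RIKEN_INDICATORS.items():
        real_key, values = lowered.get(key.lower(), (None, {}))
        wanted = {n.lower() for n in names}
        for name, data in values.items():
            if name.lower() in wanted or (key.endswith("\\Run") and DROPPED_FILE in data.lower()):
                hits.append((real_key, name, data))
    return hits

# Constructed sample export (not real data): one benign Run entry plus Riken artefacts.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Program Files\\OneDrive.exe"
"SamPs"="C:\\WINDOWS\\system32\\svcvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcvc.exe"="C:\\WINDOWS\\system32\\svcvc.exe:*:Enabled:svcvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Window]
"monstate"="ID"
'''
```

Run `reg export HKLM hklm.reg` on the suspect machine, feed the file to `parse_reg_export`, and review each hit before deleting it in step 5 of the removal procedure.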
