Backdoor.Ripinip
Backdoor.Ripinip is a computer Trojan horse that may allow a remote attacker to gain unauthorized access to the infected system. Backdoor.Ripinip is installed as a Browser Helper Object that starts when Internet Explorer is executed. Its other payload is downloading additional malware.
Technical Information:
Alias:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of Backdoor.Ripinip:
1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart Windows.
Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate anti-virus and security providers.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- Download and execute updates for itself
- Redirect the browser to predefined web sites
- Pull down additional threats
Malicious Files Added by Backdoor.Ripinip:
%Windir%\fsutk.dll
%Temp%\[THREE RANDOM CHARACTERS].exe
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF50AC63-19DA-487E-AD4A-0B452D823B59}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF50AC63-19DA-487E-AD4A-0B452D823B59}
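The following read-only check for the files and registry entries listed above is an added example, not part of the original write-up or of any vendor tool. It assumes PowerShell 4.0 or later run in the affected user's session; the InprocServer32 lookup relies on standard COM registration and is not taken from this page, and any three-character .exe it reports in %Temp% is only a candidate for review.

```powershell
# Added example: read-only check for the Backdoor.Ripinip indicators listed on this page.
# Nothing is deleted or modified; results are collected for review.
$clsid = '{BF50AC63-19DA-487E-AD4A-0B452D823B59}'   # CLSID from the registry entries above

$registryKeys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$clsid"
)

$findings = @()

foreach ($key in $registryKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Path = $key; Detail = 'present' }
    }
}

# Assumption (standard COM layout, not stated on the page): the DLL a BHO loads
# is named in the default value of its CLSID's InprocServer32 subkey.
$inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
if (Test-Path -LiteralPath $inproc) {
    $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
    $findings += [pscustomobject]@{ Type = 'BhoServer'; Path = $inproc; Detail = "loads: $dll" }
}

# %Windir%\fsutk.dll from the file list above; record a hash for later lookup.
$dllPath = Join-Path $env:windir 'fsutk.dll'
if (Test-Path -LiteralPath $dllPath) {
    $hash = (Get-FileHash -LiteralPath $dllPath -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{ Type = 'File'; Path = $dllPath; Detail = "SHA256 $hash" }
}

# %Temp%\[THREE RANDOM CHARACTERS].exe: the name is random, so list every match
# as a candidate together with its timestamp and hash.
Get-ChildItem -LiteralPath $env:TEMP -Filter '*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName.Length -eq 3 } |
    ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type = 'CandidateFile'; Path = $_.FullName
            Detail = "created $($_.CreationTime), SHA256 $hash"
        }
    }

if ($findings.Count -eq 0) { 'No listed Backdoor.Ripinip indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

The HKEY_CURRENT_USER entry is per-user, so the check has to be repeated for each account that uses the machine.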