Backdoor.Sesent
Backdoor.Sesent is a harmful Trojan that arrives as a file attached to spam email messages or through web sites that use a drive-by-download method. It can also infect a system by exploiting vulnerabilities in Adobe PDF documents. If executed, Backdoor.Sesent permits a remote attacker to access and manipulate the compromised system by opening a backdoor port.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
First Aid to Stop Backdoor.Sesent:
When Backdoor.Sesent infects a computer, it modifies system settings and injects itself into legitimate Windows files. System Restore is the tool to use to bring back clean files and restore an earlier configuration. If you have a saved restore point, please restore Windows to an earlier date.
Manual Removal of Backdoor.Sesent:
1. If an anti-virus program is present, update its definition file.
2. Reboot Windows in Safe Mode. [how to]
3. Run a full system scan and clean/delete all infected file(s).
4. Delete/modify any values added to the registry, if present. [how to edit registry]
5. Exit the registry editor and restart Windows.
Additional Tools and Programs:
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without relying on traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- Collects information from the system, including host name, user name, IP address, MAC address and operating system version.
- Accepts remote messages from IP address 74.82.184.170.
- Opens a backdoor on the infected unit and allows unauthorized remote access.
Malicious Files Added by Backdoor.Sesent:
%Temp%\svchost.exe
%Temp%\lsass.exe
%UserProfile%\Cookies\index64.dat
%Windir%\Installer\b28892x.msi
%System%\dllcache\aic982x.sys
%System%\esent64.exe
%Windir%\Installer\bc87ee.msi
%System%\dllcache\pit70ux.sys
%System%\wmvds32.exe
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv\"ImagePath" = "system32\369877.tmp"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8ADE92E4-D32E-0B4B-F53F-6C7E3677DFB3}\"StubPath" = "[THREAT FILE NAME]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\RunOnce\"IgfxTray" = "[THREAT FILE NAME]"
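The file paths, registry values and remote IP address listed above are the indicators a responder would sweep a host for before and after the removal steps. The following is an added example, not code from the original write-up or from any vendor tool: it turns those indicators into an offline check that expands the %Temp%/%System%/%Windir%/%UserProfile% placeholders, matches the expanded paths case-insensitively against a file inventory, matches the registry values, and flags netstat-style connections to the listed address. The environment-variable expansions and the host inventory below are constructed sample data, not taken from a real machine.

```python
"""Offline IoC sweep for the Backdoor.Sesent indicators in the write-up.

Added example. The indicator strings come from the write-up; the
%Var% expansions and the sample host data are constructed assumptions
(a typical Windows XP-era layout), not output from a real host.
"""
import re

# File indicators copied from the write-up (placeholders unexpanded).
FILE_IOCS = [
    r"%Temp%\svchost.exe",
    r"%Temp%\lsass.exe",
    r"%UserProfile%\Cookies\index64.dat",
    r"%Windir%\Installer\b28892x.msi",
    r"%System%\dllcache\aic982x.sys",
    r"%System%\esent64.exe",
    r"%Windir%\Installer\bc87ee.msi",
    r"%System%\dllcache\pit70ux.sys",
    r"%System%\wmvds32.exe",
]

# Registry values from the write-up: full value path -> expected data.
# None means "any non-empty data is suspicious" (the write-up gives only
# the placeholder [THREAT FILE NAME] for those two values).
REGISTRY_IOCS = {
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv\ImagePath":
        r"system32\369877.tmp",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
    r"\{8ADE92E4-D32E-0B4B-F53F-6C7E3677DFB3}\StubPath": None,
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\RunOnce\IgfxTray": None,
}

C2_IP = "74.82.184.170"  # remote address named in the write-up

# Assumed expansions for the placeholders (constructed, XP-style paths).
DEFAULT_ENV = {
    "Temp": r"C:\Documents and Settings\alice\Local Settings\Temp",
    "UserProfile": r"C:\Documents and Settings\alice",
    "Windir": r"C:\WINDOWS",
    "System": r"C:\WINDOWS\system32",
}


def expand_path(template, env=DEFAULT_ENV):
    """Replace %Var% tokens case-insensitively; unknown tokens are kept."""
    def sub(m):
        for k, v in env.items():
            if k.lower() == m.group(1).lower():
                return v
        return m.group(0)
    return re.sub(r"%([^%]+)%", sub, template)


def match_files(inventory, env=DEFAULT_ENV):
    """Return expanded IoC paths present in a list of host file paths."""
    present = {p.lower() for p in inventory}      # NTFS paths are case-insensitive
    expanded = [expand_path(t, env) for t in FILE_IOCS]
    return [p for p in expanded if p.lower() in present]


def match_registry(values):
    """values: dict of full value path -> data. Returns (path, data) hits."""
    lookup = {k.lower(): (k, v) for k, v in values.items()}
    hits = []
    for path, expected in REGISTRY_IOCS.items():
        found = lookup.get(path.lower())
        if found is None:
            continue
        name, data = found
        if (expected is None and data) or (expected and data.lower() == expected.lower()):
            hits.append((name, data))
    return hits


def match_connections(netstat_lines):
    """Flag netstat-style lines ('proto local remote state') whose remote
    endpoint is the address named in the write-up."""
    hits = []
    for line in netstat_lines:
        parts = line.split()
        if len(parts) >= 3 and parts[2].rsplit(":", 1)[0] == C2_IP:
            hits.append(line.strip())
    return hits


# Constructed sample host data: two IoC files, one IoC registry value and
# one connection to the listed address, mixed with benign entries.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\svchost.exe",   # legitimate copy, not under %Temp%
    r"C:\Documents and Settings\alice\Local Settings\Temp\SVCHOST.EXE",
    r"C:\WINDOWS\system32\dllcache\pit70ux.sys",
    r"C:\WINDOWS\notepad.exe",
]
SAMPLE_REGISTRY = {
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv\ImagePath":
        r"System32\369877.tmp",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe":
        r"C:\WINDOWS\system32\ctfmon.exe",
}
SAMPLE_NETSTAT = [
    "TCP  192.168.1.20:1043  74.82.184.170:80   ESTABLISHED",
    "TCP  192.168.1.20:1044  93.184.216.34:443  ESTABLISHED",
]


def sweep(files=SAMPLE_FILES, registry=SAMPLE_REGISTRY, netstat=SAMPLE_NETSTAT):
    """Run all three checks and return the hits grouped by indicator type."""
    return {
        "files": match_files(files),
        "registry": match_registry(registry),
        "connections": match_connections(netstat),
    }


if __name__ == "__main__":
    for kind, hits in sweep().items():
        print(kind, hits)
```

On a live host the three sample inputs would be replaced by a directory walk of the expanded locations, a registry export, and the output of netstat; the matching logic stays the same. Matching only the %Temp% copy of svchost.exe, and not the real one under system32, is the point of expanding the placeholders before comparing rather than matching on the bare file name.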