Backdoor.Specfix
Backdoor.Specfix is a computer Trojan that allows a remote attacker to gain access to the compromised computer. Backdoor.Specfix opens a backdoor port that is used to manipulate the system and steal information such as the IP address, host name and proxy connection, which is sent to a remote computer.
Technical Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of Backdoor.Specfix:
1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry.
6. Exit registry editor and restart Windows.
Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate anti-virus and security providers.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- Download and execute files from another computer
- Send gathered information to a specified server
- Modify system registry to run itself
- Create its own files under %UserProfile%\Application Data\
Malicious Files Added by Backdoor.Specfix:
%System%\mswsock32.dll
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WinHelp\v
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WinHelp\g
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WinHelp\!script!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WinHelp\i
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WinHelp\id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\"LibraryPath" = "%System%\mswsock32.dll"
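The file and registry entries listed above can be checked with a read-only PowerShell script before any cleanup. This is an added example, not part of the original write-up: the function name Find-SpecfixIndicators is hypothetical, %System% is assumed to mean the Windows system folder, and every entry under Catalog_Entries is inspected rather than only 000000000004.

```powershell
# Added example: read-only check for the Backdoor.Specfix artifacts listed on this page.
# Find-SpecfixIndicators is a hypothetical name; nothing is modified or deleted.
function Find-SpecfixIndicators {
    $findings = @()

    # Assumption: %System% is the Windows system folder (e.g. C:\Windows\System32).
    $dll = Join-Path ([Environment]::SystemDirectory) 'mswsock32.dll'
    if (Test-Path -LiteralPath $dll) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $dll; Detail = 'file exists' }
    }

    # The page does not say whether v, g, !script!, i and id are values or subkeys
    # of the WinHelp key, so both forms are checked.
    $winHelp = 'HKLM:\SOFTWARE\Microsoft\WinHelp'
    $names   = 'v', 'g', '!script!', 'i', 'id'
    $key     = Get-Item -LiteralPath $winHelp -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($n in $names) {
            if ($key.GetValueNames() -contains $n) {
                $findings += [pscustomobject]@{ Type = 'RegistryValue'; Location = "$winHelp\$n"; Detail = 'value present' }
            }
            if ($key.GetSubKeyNames() -contains $n) {
                $findings += [pscustomobject]@{ Type = 'RegistryKey'; Location = "$winHelp\$n"; Detail = 'subkey present' }
            }
        }
    }

    # Winsock namespace provider catalog: flag any entry whose LibraryPath
    # points at mswsock32.dll, read without expanding environment variables.
    $catalog = 'HKLM:\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries'
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    Get-ChildItem -LiteralPath $catalog -ErrorAction SilentlyContinue | ForEach-Object {
        $lib = $_.GetValue('LibraryPath', $null, $noExpand)
        if ($lib -match 'mswsock32\.dll') {
            $findings += [pscustomobject]@{ Type = 'NamespaceProvider'; Location = $_.Name; Detail = "LibraryPath = $lib" }
        }
    }

    $findings
}

# Print whatever was found; no output means none of the listed artifacts exist.
Find-SpecfixIndicators | Format-Table -AutoSize -Wrap
```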