Backdoor.Darkmoon.F
Backdoor.Darkmoon.F may allow unauthorized access to an infected system by opening a backdoor on TCP port 1328 and connecting to member.loveminim.com, allowing commands to be executed remotely. When executed, Backdoor.Darkmoon.F will create a hidden alternate data stream, system32:netde.exe.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Technical Details and Additional Information:
What can Backdoor.Darkmoon.F do to an infected system?
- The Trojan will embed its code into the explorer.exe process.
- The Trojan creates a mutex so that only a single instance of it will run.
- The program will create files and folders on the compromised system.
Malicious Files Added by Backdoor.Darkmoon.F
%Windir%\system32:netde.exe
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{93D836F9-E761-F95D-E69D-A6FB1F9718F7}\ “StubPath” = “%Windir%\system32:netde.exe…”
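As an added example (not part of the original write-up or of any vendor tool), the Python script below scans a registry export for Active Setup StubPath values that point into an NTFS alternate data stream, which generalizes the single entry listed above. The matching heuristic, the function names and the sample export are assumptions constructed for illustration.

```python
import re

# A path component followed by ":stream" (NTFS alternate data stream reference).
# The leading backslash and the whitespace exclusion skip drive letters ("C:\")
# and switches such as "-port:8080". Heuristic, chosen for this example.
ADS_REF = re.compile(r'\\[^\s"\\/:*?<>|]+:[^\s"\\/:*?<>|]+')
ACTIVE_SETUP = "\\microsoft\\active setup\\installed components\\"

def decode_value(raw):
    """Decode a .reg value: quoted REG_SZ, or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le", "replace").rstrip("\x00")
    return None  # other value types are ignored

def find_ads_stubpaths(reg_text):
    """Return (key, StubPath) pairs under Active Setup that reference an ADS."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join wrapped hex lines
    key, hits = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and ACTIVE_SETUP in key.lower() and line.lower().startswith('"stubpath"='):
            value = decode_value(line.split("=", 1)[1])
            if value and ADS_REF.search(value):
                hits.append((key, value))
    return hits

# Constructed sample export, not taken from a real host. The first key and the
# stream name are the ones listed above; the page truncates the StubPath value,
# so only its visible part is used. The second key is hypothetical.
BASE = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
EXPAND_HEX = ",".join(
    f"{b:02x}" for b in "%Windir%\\system32:netde.exe\0".encode("utf-16-le"))
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    BASE + r"\{93D836F9-E761-F95D-E69D-A6FB1F9718F7}]",
    '"StubPath"=hex(2):' + EXPAND_HEX,
    BASE + r"\{00000000-0000-0000-0000-000000000001}]",
    r'"StubPath"="\"C:\\Program Files\\Example\\setup.exe\" -port:8080"',
])

if __name__ == "__main__":
    for key, value in find_ads_stubpaths(SAMPLE):
        print(f"ADS-backed StubPath: {key} -> {value}")
```

Registry exports written by regedit in the 5.00 format are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `find_ads_stubpaths`.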
Backdoor.Darkmoon.F – Removal
Removing Backdoor.Darkmoon.F Manually:
1. If using Windows ME or XP, System Restore must be disabled to prevent the threat from restoring itself.
2. Update the virus definitions.
3. Reboot Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart Windows.
Anti-virus Tools
Scan with Norton Power Eraser:
Norton Power Eraser is a virus removal tool created by Norton Antivirus to remove unfamiliar threats without using the traditional AV signatures. Download the tool and start scanning with Norton Power Eraser.
Online Virus Scanner:
An online virus scanner can provide scan and clean functions just like any anti-virus software, without the need to install an additional AV product. Perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate security software providers.