Backdoor.Darkmoon.F

Backdoor.Darkmoon.F may allow unauthorized access to the infected system. It opens a backdoor on TCP port 1328, connects to member.loveminim.com and executes the commands it receives from the remote attacker. When executed, Backdoor.Darkmoon.F hides its executable in an alternate data stream (ADS) named netde.exe attached to the system32 directory (%Windir%\system32:netde.exe); a stream of this kind does not appear in a normal directory listing.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Technical Details and Additional Information:

What can Backdoor.Darkmoon.F do to infected system?
- The Trojan injects its code into the explorer.exe process.
- Creates a mutex so that only a single instance of the Trojan runs.
- Creates files and folders on the compromised system.

Malicious Files Added by Backdoor.Darkmoon.F
%Windir%\system32:netde.exe (an alternate data stream attached to the system32 folder, not a regular file; requires an NTFS volume)

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{93D836F9-E761-F95D-E69D-A6FB1F9718F7}\ "StubPath" = "%Windir%\system32:netde.exe…"
Active Setup runs the StubPath command at user logon, which is how the backdoor is relaunched after a reboot.

Backdoor.Darkmoon.F – Removal

Removing Backdoor.Darkmoon.F Manually:
1. If using Windows ME or XP, disable System Restore first so the threat cannot be restored from a restore point. [Windows XP System Restore]
2. Update the virus definitions.
3. Reboot Windows in Safe Mode. [how to]
4. Run a full system scan and clean/delete all infected file(s), including the %Windir%\system32:netde.exe stream.
5. Delete the Active Setup key listed above and any other values the threat added to the registry. [how to edit registry]
6. Exit the registry editor and restart Windows.
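The following PowerShell script is an added example, not part of the original page or of any vendor tool: it checks a host for the indicators listed above (the netde.exe stream on system32, the Active Setup StubPath entry, a listener on TCP 1328 and a cached DNS entry for member.loveminim.com) and, with -Remove, deletes the stream and the registry key. The function name Test-DarkmoonF and the variable names are this example's own choices. It needs PowerShell 3.0 or later (for -Stream) and an NTFS system volume, so it does not apply to Windows 9x, and it should be run from an elevated prompt in Safe Mode as the manual steps describe, because the stream cannot be deleted while a process is still running from it.

```powershell
# Added example: detect and optionally remove Backdoor.Darkmoon.F indicators.
# Names below (Test-DarkmoonF, $Sys32, ...) are this example's own; the
# indicators come from the description above.
$Sys32      = Join-Path $env:windir 'system32'
$StreamName = 'netde.exe'
$ClsidKey   = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{93D836F9-E761-F95D-E69D-A6FB1F9718F7}'
$C2Host     = 'member.loveminim.com'
$C2Port     = 1328

function Test-DarkmoonF {
    param([switch]$Remove)
    $found = @()

    # 1. Alternate data streams attached to the system32 directory itself.
    #    A clean directory has no named streams; ':$DATA' is the unnamed default.
    $streams = Get-Item -LiteralPath $Sys32 -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $streams) {
        $found += "ADS ${Sys32}:$($s.Stream) ($($s.Length) bytes)"
        if ($Remove -and $s.Stream -eq $StreamName) {
            Remove-Item -LiteralPath $Sys32 -Stream $StreamName -Force
        }
    }

    # 2. Active Setup persistence: StubPath is run at user logon.
    $stub = (Get-ItemProperty -Path $ClsidKey -Name StubPath -ErrorAction SilentlyContinue).StubPath
    if ($stub) {
        $found += "Active Setup StubPath = $stub"
        if ($Remove) { Remove-Item -Path $ClsidKey -Recurse -Force }
    }

    # 3. Network indicators. netstat and ipconfig are used instead of the newer
    #    Get-NetTCPConnection / Get-DnsClientCache so this also runs on XP and 7.
    $listeners = netstat -ano | Select-String -Pattern "TCP\s+\S+:$C2Port\s+\S+\s+LISTENING\s+(\d+)"
    foreach ($m in $listeners) {
        $owner = $m.Matches[0].Groups[1].Value
        $proc  = (Get-Process -Id $owner -ErrorAction SilentlyContinue).ProcessName
        $found += "TCP $C2Port listening, PID $owner ($proc)"
    }
    if (ipconfig /displaydns | Select-String -SimpleMatch $C2Host) {
        $found += "DNS cache entry for $C2Host"
    }

    return $found
}

# Report only; add -Remove to delete the stream and the Active Setup key.
$hits = Test-DarkmoonF
if ($hits) { $hits | ForEach-Object { Write-Output "[!] $_" } }
else       { Write-Output 'No Backdoor.Darkmoon.F indicators found.' }
```

Any named stream on the system32 directory is reported, not only netde.exe, since a directory normally has none; the port check attributes the listener to a process ID, which is useful because the description says the code runs inside explorer.exe rather than in a separate process named after the stream.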

Anti-virus Tools

Scan with Norton Power Eraser:
Norton Power Eraser is a virus removal tool from Norton that can remove unfamiliar threats without relying on traditional AV signatures. Download the tool from Norton and scan the computer.

Online Virus Scanner:
An online virus scanner provides scan and clean functions like installed anti-virus software without the need to install an additional AV product. Perform a thorough scan with a free online virus scanner from a legitimate security software provider's web site.

What to do next...