Backdoor.Wualess.D

8 January 2008 0 Comment

Backdoor.Wualess.D is a Trojan that allows remote attacker to obtain unauthorized access on compromised computer. Once inside the system, Backdoor.Wualess.D also creates  registry and system service to load itself when Windows is started. It can further harm the affected PC by connecting to a remote server to download and execute more malicious files.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista

How to Remove Backdoor.Wualess.D:

FIRST AID TO STOP Backdoor.Wualess.D:
If this virus have infected the system, registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with Backdoor.Wualess.D, please restore Windows to previous configuration.

MANUAL REMOVAL OF Backdoor.Wualess.D:
1. Update installed anti-virus application to have the latest definition file.
2. Reboot Windows in Safe Mode
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.

3. Thoroughly scan the system and clean/delete all infected file(s). Please see below.
4. Delete/Modify any values added to the registry if present. Refer to associated Windows Registry Entries.
- Click on Start. Search or Run regedit.exe to begin registry editor.

Note: You may refer to links on sidebar for a complete tutorial on Safe Mode and Registry Editor.

5. Exit registry editor and restart Windows.

ADDITIONAL TOOLS AND PROGRAMS:

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove virus and unfamiliar threats without using the traditional AV signatures. Download the tool and start scanning with Norton Power Eraser.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- Backdoor.Wualess.D steals sensitive information from the infected computer.
- It can capture screen shot and save the image on specified location.
- The Trojan can also access and copy files from an infected system.

Malicious Files Added by Backdoor.Wualess.D:
%Temp%\dnscache32-0.exe
%System%\[RANDOM NAME].dll

File Location for Windows Versions:

  • %System% for all versions of Windows it is located under C:\Windows\System32
  • %Temp% refers to C:\Windows\Temp\.

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\System\[CONTROL SET]\ServicesaDnscache32 (Dnscache32 service)