Backdoor.Ripinip

This page contains detailed analysis on Backdoor.Ripinip. To get rid of this Trojan, please use the removal guide below.

Backdoor.Ripinipis a computer Trojan horse that may allow a remote attacker to gain unauthorized access on the infected system. This Trojan will be installed as a Browser Helper Object with auto-start function when victim use Internet Explorer to browse the web. The threat may also communicate with a remote server to download more malware and pull down configuration files in order to update itself. Upgraded version of this Trojan causes added harm to the involved PC. It may also endanger victim’s private data.

When user executes Backdoor.Ripinip, it will drop files under Windows and Temporary folder. One Dynamic Link Library (.DLL) and another is executable (.EXE) file. The Trojan also modifies the registry and installs a Browser Helper Objects (BHO) on Internet Explorer. This action will allow the Trojan to execute whenever user opens Internet Explorer.

To run the harmful code when Windows starts, this Trojan will create a Windows service with the following details:

Display name: Remote IPRIP Services
Description: Listener reads Remote Routing Information Protocol (RIP) packets
Service DLL: %Windir%\System32\liprip.dll
Image path: Auto Start

Lastly, this Trojan will create a backdoor on the infected system and provide remote access for the attacker to perform the following actions:

  • Download update from a remote server and update the Trojan.
  • Download more malware from its own server to improve its payload.
  • It will Redirect search result link to another web site if user is using google.cn, baidu.com, and sogou.com.

Alias: Troj/Mdrop-DIU

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

How to Remove Backdoor.Ripinip

NOTE: We suggest that you PRINT or BOOKMARK this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.

Step 1 : Run a scan with your antivirus program

1. First thing you should do is reboot the computer in Safe Mode with Networking to avoid Backdoor.Ripinip from loading at start-up.

Remove all media such as Memory Card, cd, dvd, and USB devices. Then, restart the computer and please do the following:

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.
b) It will display the Advanced Boot Options menu. Select Safe Mode.

Start computer in Safe Mode using Windows 8 and Windows 10
a) Close any running programs on your computer.
b) Get ready to Start Windows. On your keyboard, Press and Hold Shift key and then, click on Restart button.
c) It will prompt you with options, please click on Troubleshoot icon.
d) Under Troubleshoot window, select Advanced Options.
e) On next window, click on Startup Settings icon.
f) Lastly, click on Restart button on subsequent window.
g) When Windows restarts, present startup options with numbers 1 - 9. Select "Enable Safe Mode with Networking" or number 5.

Startup Options

h) Windows will now boot on Safe Mode with Networking. Proceed with virus scan as the next step.

2. Once Windows is running under Safe Mode with Networking, open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of Backdoor.Ripinip.

Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.

3. Once updating is finished, run a full system scan. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.

Step 2: Run another test with Norton Power Eraser

1. Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.

NPE Download

4. Once the file is downloaded, navigate its location and double-click on the icon (NPE.exe) to launch the program.
5. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.
6. On NPE main window, click on Advanced. We will attempt to remove Backdoor.Ripinip components without restarting the computer.

Advance Scan

7. On next window, select System Scan and click on Scan now to perform standard scan on your computer.

Scan the System

8. NPE will proceed with the scan. It will search for Trojans, viruses, and malware like Backdoor.Ripinip. This may take some time, depending on the number of files currently stored on the computer.

9. When scan is complete. All detected risks are listed. Remove them and restart Windows if necessary.

Alternative Removal Methods for Backdoor.Ripinip

Option 1 : Use Windows System Restore to return Windows to previous state

During an infection, Backdoor.Ripinip drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

Access System Restore on Windows XP, Windows Vista, and Windows 7

a) Go to Start Menu, then under 'Run' or 'Search Program and Files' field, type rstrui.
b) Then, press Enter on the keyboard to open System Restore Settings.

rstrui-win7

Open System Restore on Windows 8

a) Hover your mouse cursor to the lower left corner of the screen and wait for the Start icon to appear.
b) Right-click on the icon and select Run from the list. This will open a Run dialog box.
c) Type rstrui on the 'Open' field and click on OK to initiate the command.

rstrui-win8

If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.

Option 2 : Backdoor.Ripinip manual uninstall guide

IMPORTANT! Manual removal of Backdoor.Ripinip requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to Backdoor.Ripinip.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Backdoor.Ripinip files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Backdoor.Ripinip.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

FAQs

Is Dangerous?

Yes, can badly affect your computer and slow down its performance and usability.

Can I Remove from my Computer?

Yes, can be removed by downloading our recommended antivirus software and scanner.

How Easy is it to Remove Virus?

Nearly all paid antivirus scanners and removal tools should help remove the virus from your computer.

Once I remove do I still need antivirus?

Yes, new viruses such as are created everyday and the only way to stay 100% protected is to use antivirus on your device.

Associated Files and Folders:Added Registry Entries:
Avatar

About Marco Mathew

Marco Mathew works as Windows Network administrator before establishing precisesecurity.com. Now, Marco is dedicating full-time to help computer users' fight viruses, malware, trojan, worms, adware, and potentially unwanted programs.

Leave a Comment

Your email address will not be published. Required fields are marked *