
Backdoor.Bot

Posted: July 17, 2009

Threat Metric

Threat Level: 8/10
Infected PCs: 883
First Seen: November 30, 2010
Last Seen: August 21, 2021
OS(es) Affected: Windows

Backdoor.Bot is a backdoor Trojan that compromises your computer's security to allow criminals to access the system and any confidential information that's associated with it. Variants of Backdoor.Bot may cause side effects, such as system slowdown or browser redirects, although SpywareRemove.com malware analysts emphasize that there aren't any guarantees that a specific Backdoor.Bot infection will have any visible symptoms. In some cases, Backdoor.Bot detections may also be false positives. If you're certain that a Backdoor.Bot alert is inaccurate, you can set your anti-malware program to ignore the falsely detected Backdoor.Bot in future scans. However, since real Backdoor.Bot attacks can monitor keyboard input, download other PC threats or expose you to various types of malicious content, SpywareRemove.com malware experts recommend that you treat most Backdoor.Bot alerts as potentially legitimate by default.

Backdoor.Bot – the Compromise in Your Security That Appears Without Warning

The majority of infection vectors for Backdoor.Bot appear to be drive-by downloads or PC threats that are associated with similar attacks, since most victims of Backdoor.Bot attacks haven't reported installing any type of suspicious software on their own. Given the high level of reported Backdoor.Bot infections from 2011 up to this year, Backdoor.Bot should still be considered an active threat in the wild, and SpywareRemove.com malware researchers recommend that you keep passive anti-malware protection that can block malicious web content to prevent Backdoor.Bot installations.

Although Backdoor.Bot includes several variants with minor differences in their attack capabilities, functions that can safely be assumed to be part of any Backdoor.Bot infection include:

  • Keylogging attacks that monitor and record keyboard input (i.e., typing).
  • Backdoor functions that compromise your firewall and allow criminals to access your PC through a remote attack server.
  • Spyware-related functions that steal form data (password fields, etc.), insert phishing attacks into legitimate web pages or take unsolicited screenshots.
  • Botnet functions that force your PC's system resources to be used for criminal activities. SpywareRemove.com malware researchers also note that Backdoor.Bot's botnet attacks have a high probability of degrading system performance.
  • Backdoor.Bot may also install other malware onto your PC, such as browser hijackers, banking Trojans or rootkits.

Dismantling Your Part in Backdoor.Bot's Network

Backdoor.Bot is functional in most versions of Windows, including Windows 7, although SpywareRemove.com malware analysts haven't seen any indications of cross-compatibility with other brands of operating systems. Because Backdoor.Bot, like many other backdoor Trojans, has a very high chance of being associated with other types of malicious software on your PC, you should scan the entirety of your computer to delete Backdoor.Bot along with anything that may be related to its presence.

Many Backdoor.Bot-based attacks are also associated with compromised svchost.exe files. Since these attacks may be linked to rootkit functions, SpywareRemove.com malware experts discourage attempts to find or delete Backdoor.Bot without appropriate anti-malware software, lest you cause damage to your operating system.

Aliases

  • Generic16.CDTS [AVG]
  • Trojan.Win32.Midgare [Ikarus]
  • Packed.Win32.Rebhip.a.1 (v) [Sunbelt]
  • Win-Trojan/Buzus.608256.D [AhnLab-V3]
  • Win32/Kollah.APV [eTrust-Vet]
  • Heuristic.BehavesLike.Win32.Suspicious.H [McAfee-GW-Edition]
  • Win32.HLLW.Autoruner.9222 [DrWeb]
  • Trojan-Dropper:W32/Malis.gen!H [F-Secure]
  • Trojan.Generic.2093113 [BitDefender]
  • Trojan.Win32.Buzus.bwqx [Kaspersky]
  • Trojan.Buzus-4637 [ClamAV]
  • Win32:Inject-TO [Avast]
  • W32/Trojan2.HEBD [F-Prot]
  • Win32/Buzus.BIGA [NOD32]
  • W32/Autorun.worm.fy [McAfee]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:


