BKDR_DOKSTORMC.A


Posted: November 26, 2012

Threat Metric

Ranking: 2,943
Threat Level: 1/10
Infected PCs: 2,387
First Seen: November 26, 2012
Last Seen: June 22, 2022
OS(es) Affected: Windows

BKDR_DOKSTORMC.A is a backdoor Trojan that spreads via a spam email message that warns recipients of a tsunami and urges them to click a link to watch a video. The 'watch now' link connects to {BLOCKED}be.us and downloads a malicious file called 'sunami_australian_agency_of_volcanology_and_seismology.avi.pif', detected as BKDR_DOKSTORMC.A, which poses as an AVI file inside a ZIP archive. BKDR_DOKSTORMC.A connects to {BLOCKED}s117.no-ip.org, which resolved to {BLOCKED}.{BLOCKED}.13.114, but currently resolves to {BLOCKED}{BLOCKED}.116.223.

The malware is a Remote Access Trojan (RAT) known as Arcom RAT, and it is sold on underground forums for $2000.00. However, many forum posts complain that the RAT is overpriced, and free cracked versions are available for download from various sources. Arcom RAT was reportedly authored by 'princeali', who has been actively coding RATs and other malware threats for a long period of time. The alias 'princeali' is associated with a group known as NuclearWinterCrew, which produced the infamous NuclearRAT.


Technical Details

File System Modifications


The following files were created in the system:

File name: sunami_australian_agency_of_volcanology_and_seismology.avi.pif
Mime Type: unknown/pif
Group: Malware file