Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
Search SpywareGuide Database & Site
Security Email Alerts & Updates
SpywareGuide powered by FaceTime Security Labs
 
Full Name:
 BackDoor.SndMax Websearch   Read More
Type: Trojan
Also Known as: W32.Spybot.Worm (Sunbelt),Worm.P2P.SpyBot.gen
SG Index: 5 [Explain]
Removal tools: List of products that detect/remove/protect against BackDoor.SndMax:
  • Endpoint Spyware Remediation: Greynet Enterprise Manager
    		•
    Category Description: A Trojan is a program that enables an attacker to get nearly complete control over an infected PC. Frequently used tool by malicious hackers. When this program executes, the program performs a specific set of actions. This usually works toward the goal of allowing the trojan to survive on a system and open up a backdoor.
    Comment: BackDoor.SndMax is an IRC Backdoor Trojan Horse that gives its author control of an infected computer through Internet Relay Chat (IRC).

    It adds False IP's to more than 50 popular antivirus companys urls in the Host file, disables antivirus notifications, firewall notifications, update notifications, and overrides firewalls.
       
    Manual removal: Large amount of Hijacked domains are placed in the Hosts file. Its probably better to delete the file itself than to fix each item.(and create a Backup)
    File location is C:\Windows\System32\drivers\etc\hosts

    To Correct Modified Registry Values:

    1.Click on Start , click run.
    2.Type "regedit" and press enter.
    3.Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
    4.Right Click on "AntiVirusDisableNotify" ,click on Modify , Type " 0 " in Value Data field in place of "1" and press Enter.
    5.Right Click on "FirewallDisableNotify" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
    6.Right Click on "FirewallOverride" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
    7.Right Click on "UpdatesDisableNotify" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
    8. Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" .
    9. Right Click on "Shell" , click on Modify , Type "Explorer.exe" in Value Data field in place of "Explorer.exe SndMAX.exe" and press Enter.
    10. Restart computer.
    Properties:
  •  Allows remote connect
  •  Allows remote control
  •  Attacks security software
  •  Blocks Security Sites
  •  Changes HOSTS file
  •  System Reconfiguration
    		•

    Click here to leave feedback for this product
    Help with the BUST!
    Become A Spyspotter!
    Bust the Bad Guys!
    Click here and give us what details you have and let our international research team take it from there. If you desire your report will remain anonymous.
    Recent Blog Posts
  • A Year In Security
  • Youtube Comment Bot Spams In Waves
  • VGA Awards Trailers Used As Bait For Spam Offers
  • Fake Visa Electronic Report Serves Up Zbot Data Stealer
  • Banned Console Owners Beat The System - With Stickers
  • Spot The Hack
  • The Futility Of EULAs
  • Auto Whaler Spears Phishers
  • Fake Porn Grabbers Snag Nothing But Malware
  • Console DDoS Botnets - A Thriving Industry
    • Recent Modifications
    2010-3-11  Email Threats
    2010-3-9  WeBuying
    2010-3-9  HappytoFind
    2010-3-5  PaintBrush
    2010-3-5  Downloader-Tadpu
    2010-3-4  Unclassified Trojans
    2010-3-2  ParisVoyeur
    2010-3-2  CoolWebSearch
    2010-2-23  Dialers
    2010-2-19  NetPumper 1.2
     

    Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide Japan Japanese

    © Copyright 2007, FaceTime Communications, Inc. All rights reserved.