SpywareGuide powered by FaceTime Security Labs
Full Name: BackDoor.Ebnoy
Type: Trojan
Also Known as: Troj/Bifrose-KP (Sophos), Backdoor.Win32.Bifrose.rr, W32/Sdbot.worm.gen.h (McAfee)
SG Index: 6
Removal tools: List of products that detect/remove/protect against BackDoor.Ebnoy:
  • Endpoint Spyware Remediation: Greynet Enterprise Manager
    Category Description: A Trojan is a program that gives an attacker nearly complete control over an infected PC, and is a tool frequently used by malicious hackers. When executed, it performs a specific set of actions, usually aimed at keeping itself alive on the system and opening a backdoor.
    Comment: BackDoor.Ebnoy is an IRC backdoor Trojan that allows a remote attacker to control the compromised computer and perform various malicious actions through Internet Relay Chat (IRC).

    It adds false IP addresses for the URLs of more than 50 popular antivirus companies to the hosts file, disables antivirus, firewall and update notifications, and overrides firewall settings. It also steals data from SQL Server and MySQL databases.
    It drops oreans32.sys and libmysql.dll. oreans32.sys is a component of a legitimate executable file protection system and is not malicious in itself; it is registered as a new system driver service named "oreans32", with a display name of "oreans32".
    libmysql.dll is likewise a legitimate client API, used here to trace SQL statements sent by other applications.

    BackDoor.Ebnoy creates the folder %Windir%\system32\programs\.
    The files placed there are used for transmission through P2P programs.

    It copies itself to the %Windir%\system32\programs\ folder under the following filenames:
    2 Find MP3 8.2.0.exe
    Adobe InDesign CS 2.exe
    Adobe keygen for photoshop indesign incopy SERIAL crack.exe
    Adobe Photoshop CS 2.exe
    Autocad 2002 Crack.exe
    Autocad 2004 Crack.exe
    Autocad 2005 Crack.exe
    Autocad 2006 Crack.exe
    BEST HACK TOOL FOR REAL HACKERS KEYLOGGER WEBCAM SPY! - PRIVATE.exe
    Counter strike - cs full version.exe
    Counter strike keygen WORKING FOR ONLINE STEAM.exe
    Credit card generator.exe
    Eric vd Vogt Gay Movie - Dutch homosexual fetish raped.exe
    Fifa 2006 FULL with crack.exe
    Fifa 2007 FULL with crack.exe
    flash 8.exe
    Free SMS Bomber.exe
    Google hack tutorial for beginners.exe
    HalfLife 2 WORKING Steam crack.exe
    Hotmail account hacker in 30 minutes.exe
    Hotmail hacker.exe
    hotmail_account_sniffer.exe
    Hotmailhacker v1.0.exe
    IP Changer.exe
    Microsoft Office Activation Crack.exe
    Microsoft Office Professional Crack.exe
    Microsoft Office Professional Serial.exe
    Microsoft Office Professional Universal Crack without serial.exe
    Microsoft Office Universal Activator v1.0.exe
    MSN hacker - password stealer.exe
    norton anti virus FULL NEWEST VERSION.exe
    Norton AntiVirus 2005 crack.exe
    Norton AntiVirus 2006 crack.exe
    Norton antivirus crack.exe
    Norton firewall 2006 crack.exe
    porn.exe
    porn_account_cracker.exe
    porn_account_hacker.exe
    psx2 - playstation 2 emulator.exe
    toon boom.exe
    UniVersal GSM unlocker for removing simlock (NOKIA,ERICSSON,SONY,SAMSUNG,OTHERS).exe
    WinRAR 4 beta.exe
    yahoo_cracker.exe
    yahoo_hacker.exe
    Yahoo_mail_cracker.exe
    ZoneAlarm crack (keygen).exe
    Screenshot (image not reproduced): BackDoor.Ebnoy employs false messages like the one shown to spread through IRC.

    Manual removal: A large number of hijacked domains are placed in the hosts file. It is probably easier to delete the file itself (after creating a backup) than to fix each entry.
    The file is located at C:\Windows\System32\drivers\etc\hosts.

    To Correct Modified Registry Values:

    1. Click Start, then click Run.
    2. Type "regedit" and press Enter.
    3. Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center".
    4. Right-click "AntiVirusDisableNotify", click Modify, type "0" in the Value data field in place of "1" and press Enter.
    5. Right-click "FirewallDisableNotify", click Modify, type "0" in the Value data field in place of "1" and press Enter.
    6. Right-click "FirewallOverride", click Modify, type "0" in the Value data field in place of "1" and press Enter.
    7. Right-click "UpdatesDisableNotify", click Modify, type "0" in the Value data field in place of "1" and press Enter.
    8. Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".
    9. Right-click "Shell", click Modify, type "Explorer.exe" in the Value data field in place of "Explorer.exe msdhcprs.exe" and press Enter.
    10. Restart the computer.
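    The following report-only PowerShell script is an added example, not part of the SpywareGuide entry or its removal tooling: it audits the artefacts the manual removal above walks through (the four Security Center values, the Winlogon Shell value, the hosts file) plus the drop folder and "oreans32" driver service named earlier, so the findings can be reviewed before anything is edited or deleted. It assumes Windows PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added audit script (not from the SpywareGuide entry). Checks, without changing
# anything, the artefacts the entry lists for BackDoor.Ebnoy. Requires PowerShell
# 3.0+ and an elevated prompt; an empty result means nothing was found.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Security Center switches the Trojan sets to 1; the entry says they should be 0.
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify',
                  'FirewallOverride', 'UpdatesDisableNotify') {
    $value = (Get-ItemProperty -Path $sc -Name $name -ErrorAction SilentlyContinue).$name
    if ($value -eq 1) { $findings.Add("Security Center\$name = 1 (expected 0)") }
}

# 2. Winlogon Shell must be exactly Explorer.exe; the entry reports msdhcprs.exe appended.
$wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $wl -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'Explorer.exe') {
    $findings.Add("Winlogon\Shell = '$shell' (expected 'Explorer.exe')")
}

# 3. Hosts file: a clean file maps only localhost. Every other active mapping is
#    reported so the antivirus-vendor hijacks the entry describes can be reviewed
#    before the file is backed up and deleted or rewritten.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    foreach ($raw in Get-Content $hostsPath) {
        $line = ($raw -split '#', 2)[0].Trim()          # strip comments and blanks
        if (-not $line) { continue }
        $fields = $line -split '\s+'                     # [0] = address, rest = names
        if ($fields.Count -lt 2) { continue }
        $names = $fields[1..($fields.Count - 1)] | Where-Object { $_ -ne 'localhost' }
        if ($names) { $findings.Add("hosts: $($names -join ' ') -> $($fields[0])") }
    }
}

# 4. Drop folder and driver service named in the entry. oreans32.sys is a legitimate
#    protector component, so its presence alone is a lead, not proof of infection.
$dropDir = Join-Path $env:SystemRoot 'system32\programs'
if (Test-Path $dropDir) {
    $count = (Get-ChildItem $dropDir -File -ErrorAction SilentlyContinue | Measure-Object).Count
    $findings.Add("drop folder present: $dropDir ($count files)")
}
if (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\oreans32') {
    $findings.Add('driver service "oreans32" is registered (legitimate component; check what installed it)')
}

if ($findings.Count) { $findings } else { 'No BackDoor.Ebnoy artefacts found.' }
```

    Each reported line maps directly onto one step of the manual removal above, so the script doubles as a post-cleanup check: after the registry edits and hosts file replacement it should report nothing.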
    Properties:
  •  Allows remote connect
  •  Allows remote control
  •  Attacks security software
  •  Autostarts/Stays Resident
  •  Changes HOSTS file
  •  Supports File Transfer
  •  Opens ports
  •  Stealth Tactics

    © Copyright 2007, FaceTime Communications, Inc. All rights reserved.