Backdoor.Graybird.B

Discussion in 'malware problems & news' started by Randy_Bell, Apr 15, 2003.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Symantec Security Response - Backdoor.Graybird.B

    Backdoor.Graybird.B is a variant of Backdoor.Graybird. It gives a hacker unauthorized access to your computer. The existence of the file Svch0st.exe is an indication of a possible infection.

    This threat is written in Delphi and compressed with ASPack.

    Also Known As: Backdoor.Delf.eb [KAV]
    Type: Trojan Horse
    Infection Length: 306,804 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux

    Once Backdoor.Graybird is installed, it waits for the commands from the remote client. These commands allow the hacker to perform any of the following actions:
    • Deliver system and network information to the hacker, including login names and cached network passwords.
    • Install an FTP server, which allows the hacker to use the compromised computer as a temporary storage device.
    • Open or close the CD-ROM drive and perform other annoying actions.
    • Download and execute files.
    (See above link for technical details, removal instructions, and reversing changes made to the registry)
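
A triage check for the file indicators quoted in the post above (the name Svch0st.exe and the 306,804-byte infection length), as an added example that is not part of the original post or of Symantec's write-up. The digit-for-letter substitution table, the labels and the function names are assumptions of this example, and the directory tree it scans is constructed.

```python
import os
import tempfile

# Indicators taken from the advisory text above.
IOC_NAME = "svch0st.exe"      # compared case-insensitively, as Windows does
IOC_SIZE = 306_804            # "Infection Length" in bytes
LEGIT_NAME = "svchost.exe"    # the Windows binary the name imitates

# Digit-for-letter swaps to normalise (an assumption of this example).
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "5": "s"})


def classify(name, size):
    """Return a triage label for one file, or None if it is not of interest."""
    lower = name.lower()
    if lower == IOC_NAME:
        return "name+size match" if size == IOC_SIZE else "name match"
    # A different spelling that collapses to svchost.exe once digits are normalised.
    if lower != LEGIT_NAME and lower.translate(LOOKALIKE) == LEGIT_NAME:
        return "other svchost look-alike"
    return None


def scan(root):
    """Walk root and return (path, size, label) for every flagged file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable, or removed during the walk
            label = classify(name, size)
            if label:
                hits.append((path, size, label))
    return sorted(hits)


def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"Svch0st.exe": IOC_SIZE, "svchost.exe": 10, "5vchost.exe": 3}
        for name, size in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\0" * size)
        return [(os.path.basename(p), s, lbl) for p, s, lbl in scan(root)]


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A name-only hit is a lead rather than a verdict, since the size applies to this one variant; the genuine svchost.exe is deliberately not flagged.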
     