
BackDoor-BDD Trojan Horse

BackDoor-BDD is a remote-access backdoor Trojan horse that exists in several variants. It is written in Microsoft Visual C++ (MSVC) and packed with UPX. Other vendors detect it as TROJ_AGENT.EL (Trend Micro) and TrojanDownloader.Win32.Agent.cd (Kaspersky/AVP).



When run, BackDoor-BDD downloads several files from a specific website and drops files with random names into the Windows or Windows system directory. One sample used adduk.exe (26,737 bytes), sysuh32.dll (93,336 bytes), syssg32.exe (10,878 bytes) and xbatq.dl (56,832 bytes).

Another variant uses names such as crdh.exe (26,624 bytes), netbh.exe (10,244 bytes), ksjup.dll (56,832 bytes) and ipdq32.dll (93,725 bytes).

It creates registry Run keys so that the EXE files are started at Windows startup.

It registers the DLL files as Internet Explorer Browser Helper Objects (BHOs), so they are loaded into Internet Explorer every time the browser starts.

The CLSIDs used are:

HKEY_CLASSES_ROOT\CLSID\{68603512-49E8-49B5-7E4E-69881C8964B2}

HKEY_CLASSES_ROOT\CLSID\{BABD9DA6-1A9E-2FD5-636D-C0DB378E00C3}

HKEY_CLASSES_ROOT\CLSID\{FD280D99-CBAC-A480-C965-930B4BEC2345}

HKEY_CLASSES_ROOT\CLSID\{040E1760-B7B3-3DB1-B4EE-EB7AA49EE36B}

HKEY_CLASSES_ROOT\CLSID\{3AAB843E-BFD5-2B63-CDC0-670338A2715F}

HKEY_CLASSES_ROOT\CLSID\{710D4788-B064-A3C4-EC29-A9E67ABEF953}

The Trojan leaves port 1024 open on the local machine. It attempts to download further files from a remote website and stores them in alternate data streams (ADS) attached to existing, randomly chosen files, where a plain directory listing will not show them. It also attempts to delete random system files and the HOSTS file (C:\Windows\System32\drivers\etc\hosts).

BackDoor-BDD does not self-replicate. It spreads under the pretence that the executable is something useful, and is distributed manually through IRC, peer-to-peer networks, newsgroup postings and e-mail.
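The following triage script is an added example, not code from the original page or from McAfee. It checks a Windows host for the indicators described above: the BHO CLSIDs and dropped file names are the ones quoted on this page; the registry locations, the HOSTS path and the use of netstat are standard Windows, and the script assumes PowerShell 3.0 or later (for Get-Item -Stream and -notin) run from an elevated prompt.

```powershell
# Added example: triage a host for the BackDoor-BDD indicators listed on this page.
# Assumes PowerShell 3.0+ and an elevated prompt. Only the CLSIDs and file
# names come from the page; every other path is the standard Windows location.

# BHO CLSIDs quoted on the page
$KnownClsids = @(
    '{68603512-49E8-49B5-7E4E-69881C8964B2}',
    '{BABD9DA6-1A9E-2FD5-636D-C0DB378E00C3}',
    '{FD280D99-CBAC-A480-C965-930B4BEC2345}',
    '{040E1760-B7B3-3DB1-B4EE-EB7AA49EE36B}',
    '{3AAB843E-BFD5-2B63-CDC0-670338A2715F}',
    '{710D4788-B064-A3C4-EC29-A9E67ABEF953}'
)
# Dropped file names quoted on the page (both variants)
$KnownFiles = 'adduk.exe','sysuh32.dll','syssg32.exe','xbatq.dl',
              'crdh.exe','netbh.exe','ksjup.dll','ipdq32.dll'

$findings = @()

# 1. The CLSID registrations themselves, exactly where the page lists them.
foreach ($c in $KnownClsids) {
    if (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$c") {
        $findings += "Known CLSID registered: HKCR\CLSID\$c"
    }
}

# 2. Browser Helper Objects: IE loads every CLSID listed here; the DLL path is
#    the (default) value of HKCR\CLSID\{...}\InprocServer32.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($bho in Get-ChildItem $bhoKey) {
        $clsid  = $bho.PSChildName
        $server = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                   -ErrorAction SilentlyContinue).'(default)'
        if ($KnownClsids -contains $clsid) {
            $findings += "BHO uses a listed CLSID: $clsid -> $server"
        } elseif ($server -and ($KnownFiles | Where-Object { $server -like "*\$_" })) {
            $findings += "BHO loads a listed DLL name: $clsid -> $server"
        }
    }
}

# 3. Run keys: the EXE components are started from here at logon.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty $key
    foreach ($name in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }).Name) {
        $value = [string]$props.$name
        foreach ($f in $KnownFiles) {
            if ($value -like "*$f*") { $findings += "Run value '$name' in $key references ${f}: $value" }
        }
    }
}

# 4. Dropped files in %SystemRoot% and System32 (names are random per sample,
#    so this only catches the two variants the page documents).
foreach ($dir in "$env:SystemRoot", "$env:SystemRoot\System32") {
    foreach ($f in $KnownFiles) {
        $p = Join-Path $dir $f
        if (Test-Path $p) { $findings += "Dropped file present: $p ($((Get-Item $p).Length) bytes)" }
    }
}

# 5. HOSTS file: the Trojan deletes it, so a missing file is itself a signal.
$hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
if (-not (Test-Path $hosts)) { $findings += "HOSTS file missing: $hosts" }

# 6. Alternate data streams in System32: downloaded payloads are hidden in ADS
#    of existing files. Anything beyond the default ::$DATA stream and the
#    Zone.Identifier mark-of-the-web deserves a look.
Get-ChildItem "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue | ForEach-Object {
    Get-Item $_.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
        ForEach-Object { $findings += "ADS on $($_.FileName): $($_.Stream) ($($_.Length) bytes)" }
}

# 7. Port 1024 listening (netstat is available on every Windows version).
$listen = netstat -ano | Select-String -Pattern '^\s*TCP\s+\S+:1024\s+\S+\s+LISTENING'
if ($listen) {
    $findings += "Port 1024 listening: " + (($listen | ForEach-Object { $_.Line.Trim() }) -join '; ')
}

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else           { Write-Output 'No BackDoor-BDD indicators found.' }
```

On 64-bit Windows the 32-bit Internet Explorer reads its BHO list from HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, so add that key to step 2 there. A hit in step 1 or 2 is the strongest signal; the port and ADS checks are generic and will also flag unrelated software, so treat them as leads to confirm rather than as proof on their own.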

How to Remove Backdoor bdd Trojan Horse?


For detection and removal, use the current engine and DAT files. If BackDoor-BDD has modified the system Registry or INI files to hijack system startup, those changes are also undone by cleaning with the recommended engine and DAT combination.



Removal Instructions for Windows ME and Windows XP

Windows ME and XP include the System Restore utility, which automatically backs up selected files to the C:\_Restore folder. An infected file may therefore have been copied there as a backup, and VirusScan cannot delete files in that folder. To get rid of these copies you must first disable System Restore, which purges the C:\_Restore folder.

Follow these instructions for Windows ME:

1. Right-click the My Computer icon on the Desktop and click Properties.
2. Click the Performance tab.
3. Click the File System button.
4. Click the Troubleshooting tab.
5. Put a check mark next to 'Disable System Restore'.
6. Click OK.
7. Restart the computer.
To re-enable System Restore afterwards, remove the check mark next to 'Disable System Restore'.

Follow these instructions to disable System Restore on Windows XP:

1. Right-click the My Computer icon on the Desktop and click Properties.
2. Click the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on all drives'.
4. Click OK.
5. Restart the computer.

McAfee VirusScan with current engine and DAT files removes BackDoor-BDD. The Shield 2004 Professional is another product offered for removing backdoor Trojans.
