Overview |
|
Vendor Notes: |
From the doc: 'it is a continuation of the Toxic Trojan; Toxic went as far as its Gold version (3.0) and then gave way to Anthena, which followed in the same style, programmed in Delphi. The Anthena Trojan can only be found in versions 3.5 and 4.0 (the current one); version 4.0 contains several other functions not found in the old versions of Toxic or in version 3.5 of Anthena.' |
Alias: |
Anthena Trojan 4.0, Backdoor Program [Panda], Backdoor.Delf.er [Kaspersky], Backdoor.Vagrnocker.12, Backdoor.VagrNocker.12 [Kaspersky], Backdoor/Delf.er.Server [Computer Associates], Backdoor/Matrix Server family [Computer Associates], Bck/Delf [Panda], New BackDoor1 [McAfee], security risk or a "backdoor" program [F-Prot], Win32/Delf.ER trojan [Eset] |
Category: |
Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.
Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: to trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs. |
Similar Pests: |
Backdoor · Trojan |
Origins |
|
Author: |
Thiago Pires Alves |
Programming Language: |
Delphi |
Date of Origin: |
June, 2002 |
Place of Origin: |
Brazil |
Distribution |
|
Clot Factor: |
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone. |
Operation |
|
Default Port: |
12884 TCP or 22554 TCP |
Restart: |
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "BIOSAdapter" or HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Windll.exe" |
Detection and Removal |
|
Manual Removal: |
Follow these steps to remove Anthena 4.0 from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. |
| Stop Running Processes: Kill these running processes with Task Manager: | |
| Remove AutoRun Reference: Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windll.exe, delete it and reboot the machine immediately. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\biosadapter, delete it and reboot the machine immediately. | |
| Clean Registry: Remove these registry items (if present) with RegEdit: | |
| Remove Files: Remove these files (if present) with Windows Explorer: | |
Research |
|
Last Revised: |
April 25, 2005 |