Backdoor.Spyboter

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Detection and Removal ·
· Research ·

Overview
Category:	Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.
Variants:	Backdoor.Spyboter.aq Backdoor.Spyboter.as Backdoor.Spyboter.gen Backdoor.Spyboter.t Backdoor/Spyboter.A Win32/Spybot.20992.A.Worm Win32/Spybot.29728.Trojan
Similar Pests:	Backdoor
Origins
Date of Origin:	Variants from August, 2002 to August, 2004
Distribution
Prevalence:	Backdoor.Spyboter.gen: < 0.00005% More Info
Clot Factor:	Backdoor.Spyboter.gen: 1 The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.
Operation
Storage Required:	Backdoor.Spyboter.aq: at least 81 KB Backdoor.Spyboter.as: at least 25 KB Backdoor.Spyboter.gen: at least 433 KB Backdoor.Spyboter.t: at least 37 KB Backdoor/Spyboter.A: at least 261 KB Win32/Spybot.20992.A.Worm: at least 25 KB Win32/Spybot.29728.Trojan: at least 217 KB
Detection and Removal
Automatic Removal:	PestPatrol detects this. PestPatrol removes this.
Manual Removal:	Follow these steps to remove Backdoor.Spyboter from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
	Stop Running Processes: Kill these running processes with Task Manager: 7a938e2392b773c3f11b0952732b244a.exe backdoor.spyboter.as.exe backdoor.spyboter.gen[2].exe backdoor.spyboter.gen_(5).exe msginav.exe netdll.exe netstatt.exe systemroot+\system32\aolmsngr.exe systemroot+\system32\zopytlrs.exe tgbot_pecompact.exe tgbot_upx_packed.exe tgbot_upx_unpacked.exe yahoomsgr.exe
	Unregister DLLs: Unregister these DLLs with Regsvr32, then reboot: backdoor.spyboter.aq.dll
	Remove Files: Remove these files (if present) with Windows Explorer: 7a938e2392b773c3f11b0952732b244a.exe backdoor.spyboter.aq.dll backdoor.spyboter.as.exe backdoor.spyboter.gen[2].exe backdoor.spyboter.gen_(5).exe msginav.exe netdll.exe netstatt.exe spyboter.txt systemroot+\system32\aolmsngr.exe systemroot+\system32\zopytlrs.exe tgbot_pecompact.exe tgbot_upx_packed.exe tgbot_upx_unpacked.exe yahoomsgr.exe
Research
File Analyses:	Backdoor.Spyboter.aq: backdoor.spyboter.aq.dll Backdoor.Spyboter.as: backdoor.spyboter.as.exe Backdoor.Spyboter.gen: aolmsngr.exe · backdoor.spyboter.gen[2].exe · Backdoor.Spyboter.gen_(5).EXE · msginav.exe · netstatt.exe · spyboter.txt · tgbot_pecompact.exe · tgbot_upx_packed.exe · yahoomsgr.exe · zopytlrs.exe Backdoor.Spyboter.t: 7a938e2392b773c3f11b0952732b244a.exe Backdoor/Spyboter.A: netdll.exe Win32/Spybot.20992.A.Worm: netstatt.exe Win32/Spybot.29728.Trojan: tgbot_upx_unpacked.exe
More Info:	AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
Research By:	PestPatrol's Pest Research Center
Last Revised:	April 15, 2005

Backdoor.Spyboter

· Overview · · Origins · · Distribution · · Operation · · Detection and Removal · · Research ·

Overview

Category:

Variants:

Similar Pests:

Origins

Date of Origin:

Distribution

Prevalence:

Clot Factor:

Operation

Storage Required:

Detection and Removal

Automatic Removal:

Manual Removal:

Research

File Analyses:

More Info:

Research By:

Last Revised:

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Detection and Removal ·
· Research ·