Details
Backdoor.Agent.b
Agent.b is a classic Trojan backdoor that opens the infected machine to remote access. The backdoor is a Windows PE EXE file written in Visual C.
Agent.b is packed with two packers: Morphine and UPX. The file is 38 KB packed and 104 KB unpacked.
Agent.b is controlled over IRC channels. The controller can download and execute files on the infected machine.
Payload
Agent.b opens a random port in the 1xxx range for about a second, and then continues by opening the next port in ascending numerical order. On the infected machine, this is visible only as ports 'blinking' in ascending order.
Removal
If you know the name of the file containing the backdoor, you can delete it after you stop the active processes in RAM using the Windows Task Manager. Once you have stopped the process, you can then delete the file.
If you cannot identify the name of the active process, you need to install a firewall, such as Kaspersky Anti-Hacker, which will monitor open ports and provide a log.
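The 'blinking' port behaviour described under Payload can be searched for in the kind of open-port log a firewall provides. The following is an added example, not part of the original description: the log format, the process names, the two thresholds and the reading of "next port" as port + 1 are all assumptions.

```python
# Constructed sample log, one event per line: <seconds> <OPEN|CLOSE> <process> <port>
SAMPLE_LOG = """\
12.0 OPEN unknown.exe 1417
13.1 CLOSE unknown.exe 1417
13.2 OPEN unknown.exe 1418
14.2 CLOSE unknown.exe 1418
14.3 OPEN unknown.exe 1419
15.4 CLOSE unknown.exe 1419
15.5 OPEN unknown.exe 1420
16.5 CLOSE unknown.exe 1420
20.0 OPEN ftpd.exe 1025
95.0 CLOSE ftpd.exe 1025
"""

MAX_LIFETIME = 2.0  # assumption: "about a second" plus slack
MIN_RUN = 4         # assumption: consecutive ports required before flagging


def short_lived_listeners(log_text):
    """Return {process: [ports]} for 1xxx listeners that closed within MAX_LIFETIME."""
    opened, hits = {}, {}
    for line in log_text.splitlines():
        try:
            ts, event, proc, port = line.split()
            ts, port = float(ts), int(port)
        except ValueError:
            continue  # skip blank or malformed lines
        if not 1000 <= port <= 1999:
            continue
        if event == "OPEN":
            opened[(proc, port)] = ts
        elif event == "CLOSE" and (proc, port) in opened:
            if ts - opened.pop((proc, port)) <= MAX_LIFETIME:
                hits.setdefault(proc, []).append(port)  # kept in close order
    return hits


def blinking_processes(log_text):
    """Return {process: longest run} where short-lived ports step up one at a time."""
    flagged = {}
    for proc, ports in short_lived_listeners(log_text).items():
        best = run = [ports[0]]
        for port in ports[1:]:
            run = run + [port] if port == run[-1] + 1 else [port]
            best = max(best, run, key=len)  # on a tie the earlier run is kept
        if len(best) >= MIN_RUN:
            flagged[proc] = best
    return flagged
```

Calling `blinking_processes(SAMPLE_LOG)` names the process behind the pattern, which is the piece of information the Task Manager step above needs.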