BKDR_RMTSVC.U
Backdoor:Win32/Rmtsvc.C!bit (Microsoft)
Windows
Threat Type: Backdoor
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
Dropped by other malware
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
476,302 bytes
EXE
Yes
21 Apr 2017
Executes files, Compromises system security
Arrival Details
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Backdoor injects codes into the following process(es):
- explorer.exe
NOTES:
Once executed, a remote malicious user can access a web page hosted on the affected machine using Port 7778. This web page contains a control panel where a remote user can perform remote commands.
It has the following capaibilities:
- Screen view
- Fully control
- Send Ctrl + Alt + Del
- Set the clipboard
- Get the clipboard
- Run a program
- Shutdown
- Restart
- Log off
Remote management
- Telnet control
- File management
- Process list
- Port list
- Service list
- The registry
- FTP management
VIDC management
- UPnP port mapping
- Local port mapping
- Remote port mapping
- VIDC service management
- Proxy service configuration
- Configure import and export
SOLUTION
9.850
13.354.05
21 Apr 2017
13.355.00
22 Apr 2017
Step 1
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Step 2
Scan your computer with your Trend Micro product to delete files detected as BKDR_RMTSVC.U. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.