BKDR_ZDOOGU.K
Windows 98, ME, NT, 2000, XP, Server 2003
Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Backdoor may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites.
It executes commands from a remote malicious user, effectively compromising the affected system.
It connects to certain URLs. It may do this to remotely inform a malicious user of its installation. It may also do this to download possibly malicious files onto the computer, which puts the computer at a greater risk of infection by other threats.
TECHNICAL DETAILS
Arrival Details
This Backdoor may be dropped by other malware.
It may be unknowingly downloaded by a user while visiting malicious websites.
Backdoor Routine
This Backdoor executes the following commands from a remote malicious user:
- Download other malicious files
- Execute files
Download Routine
This Backdoor connects to the following malicious URLs:
- http://{BLOCKED}.{BLOCKED}.29.112/new/controller.php
- http://{BLOCKED}.{BLOCKED}.61.44/cgi-bin/commma.cgi
- http://{BLOCKED}.{BLOCKED}.61.44/cgi-bin/oooa.cgi
SOLUTION
Step 1
For Windows ME and XP users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Step 2
Search and delete this file
There may be some component files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the More advanced options option to include all hidden files and folders in the search result. %Windows%\wiaservim.log
Did this description help? Tell us how we did.