PERL_SHELBOT.SMM
Platform: Windows, Linux
Threat Type: Backdoor
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This backdoor may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites.
TECHNICAL DETAILS
Arrival Details
This backdoor may be downloaded by other malware/grayware/spyware from remote sites.
It may be unknowingly downloaded by a user while visiting malicious websites.
NOTES:
This is the Trend Micro detection for malware written as a Perl script. It connects to a remote Internet Relay Chat (IRC) server and waits for commands from a malicious user. Once successfully connected, it can perform a number of routines, including:
- Denial-of-service attacks
- Execute files
- Upload/download files
SOLUTION
Step 1
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Step 2
Search for and delete the file detected as PERL_SHELBOT.SMM.