BKDR_SHIZ.AB
Aliases: Backdoor.Win32.Shiz.asi (Kaspersky); W32/Bamital.dll (McAfee)
Platform: Windows 2000, Windows XP, Windows Server 2003
Threat Type: Backdoor
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This backdoor may be dropped by other malware.
It deletes registry entries, causing some applications and programs to not function properly.
It connects to a website to send and receive information.
TECHNICAL DETAILS
File Size: Varies
File Type: PE
Initial Samples Received Date: 21 Jan 2011
Arrival Details
This backdoor may be dropped by the following malware:
- TROJ_BAMITAL.QUE
Installation
This backdoor injects itself into the following processes running in the affected system's memory:
- fchrome.exe
- firefox.exe
- opera.exe
- iexplore.exe
It is also injected into the following process running in memory:
- explorer.exe
Other System Modifications
This backdoor deletes the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
DisableSR = 0
Backdoor Routine
This backdoor connects to the following websites to send and receive information:
- C90D9B1BEF95278A0157B7E25350B6EC.info
- 56A21C00E797ED646F427537D6C05D6B.info
SOLUTION
Minimum Scan Engine: 8.900
First VSAPI Pattern File: 7.780.15
First VSAPI Pattern Release Date: 21 Jan 2011
Step 1
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Step 2
Remove malware files dropped/downloaded by BKDR_SHIZ.AB
- TROJ_BAMITAL.QUE
Step 3
Scan your computer with your Trend Micro product and note files detected as BKDR_SHIZ.AB
Step 4
Restart in Safe Mode
Step 5
Restore the deleted file from backup. Only Microsoft-related files will be restored; if this malware/grayware also deleted files related to programs that are not from Microsoft, reinstall those programs on your computer.
Step 6
Search and delete the file detected as BKDR_SHIZ.AB