SpywareGuide powered by Actiance Security Labs
Search SpywareGuide Database & Site
Home Access the Guide
List of Products List of Companies List of Categories
Tools
X-RayPC
Terms and Definitions
 
Full Name:
Backdoor.DRam Websearch   Read More
Type: Worm
Also Known as: W32/Rbot-BCQ (Sophos), Backdoor.Win32.Rbot.aeu ,MS03-026_Exploit!Trojan, W32/Sdbot.worm, Worm_Rbot.Cya (Trend Micro)
SG Index: 5 [Explain]
Removal tools: List of products that detect/remove/protect against Backdoor.DRam:
  • IM, P2P control, malware prevention and web filtering in single appliance: Unified Security Gateway
  • Category Description: Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.

    Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
    Comment: Backdoor.DRam is a worm and IRC backdoor Trojan , which runs continuously in the backdrop, providing a backdoor server on a random port. It connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for instructions from a distant malicious user. The supposed instructions are implemented locally on affected machines.

    It can perform denial of service (DoS) attacks against target sites using different flood methods.
    This worm is capable of gathering and stealing Microsoft product keys as well as application product IDs from popular software products installed on affected machines.
       
    Manual removal: This worm disables the DCOM protocol and restricts anonymous access to the affected system by modifying the following registry entries:

    HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
    EnableDCOM = "N"

    (Note: The default value for the said registry entry is EnableDCOM = "Y".)

    Steps To Change it:

    1.Click Start, click on Run .
    2.Type RegEdit .
    3.Navigate to Registry Key "HKEY_LOCAL_MACHINE\Software\Microsoft\OLE"
    4.On Right side of Window select "EnableDCOM"
    5.Right Click on it, and select option "Modify"
    6.Replace the changed value "N" to "Y"
    Properties:
  •  Adds other software
  •  Allows remote control
  •  Installs Through Exploit
  •  Opens ports
  •  Stealth Tactics
  • Click here to leave feedback for this product

    Recent Modifications
    2023-3-28  Adult Networks/Services
    2023-3-7  New York Islanders Fans
    2017-2-10  Adult Hosts
    2016-3-30  CoolWebSearch
    2015-9-29  Malicious URLS
    2015-5-19  Dialers
    2015-1-5  Email Threats
    2013-7-20  Date Manager
    2013-4-10  BeeBus
    2012-12-18  JT.Moonwalk
     
    Company  | Site and Spyware FAQ
    © Copyright 2003-2023, Actiance, Inc. All rights reserved.   Privacy Policy