
Backdoor.Win32.Agent.b

Detected Jan 24 2004 23:19 GMT
Released Jan 24 2004 23:19 GMT
Published Aug 06 2004 08:24 GMT

Technical Details

Agent.b is a classic Trojan backdoor that opens the infected machine to remote access. This backdoor is a Windows PE EXE file written in Visual C.

Agent.b is packed with two packers: Morphine and UPX. The packed file is 38 KB in size; unpacked, it is 104 KB.

Agent.b is controlled over IRC channels. The controller can download and execute files on the infected machine.

Payload

Agent.b opens a random port in the 1xxx range for about a second, and then continues by opening the next port in ascending numerical order. On the infected machine, all that is visible is ports 'blinking' in ascending order.

Removal

If you know the name of the file containing the backdoor, first stop its active process in RAM using the Windows Task Manager. Once the process has been terminated, you can delete the file.

If you cannot identify the name of the active process, you need to install a firewall, such as Kaspersky Anti-Hacker, which will monitor open ports and provide a log.
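The port behaviour described under Payload can be picked out of such a log automatically. The following is an added example, not Kaspersky Lab code: the log format, the process names and the sample lines are constructed for illustration, and it assumes that "next port" means the previous port number plus one.

```python
from collections import defaultdict

# Constructed sample of listener events in an assumed format:
# "<seconds> <process> <OPEN|CLOSE> <tcp port>"
SAMPLE_LOG = """\
0.0 svchost.exe OPEN 135
10.0 unknown.exe OPEN 1412
11.1 unknown.exe CLOSE 1412
11.2 unknown.exe OPEN 1413
12.2 unknown.exe CLOSE 1413
12.3 unknown.exe OPEN 1414
13.4 unknown.exe CLOSE 1414
13.5 unknown.exe OPEN 1415
14.5 unknown.exe CLOSE 1415
20.0 browser.exe OPEN 1050
95.0 browser.exe CLOSE 1050
96.0 browser.exe OPEN 1051
"""

def short_lived_listeners(log, max_open=2.0, lo=1000, hi=1999):
    """Per process: ports in [lo, hi] open for at most max_open seconds, in log order."""
    opened, result = {}, defaultdict(list)
    for line in log.splitlines():
        ts, proc, action, port = line.split()
        ts, port = float(ts), int(port)
        if not lo <= port <= hi:
            continue  # outside the 1xxx range named in the description
        if action == "OPEN":
            opened[(proc, port)] = ts
        elif action == "CLOSE" and (proc, port) in opened:
            if ts - opened.pop((proc, port)) <= max_open:
                result[proc].append(port)
    return result

def blinking_processes(log, min_run=4):
    """Processes with >= min_run short-lived listeners on consecutive ascending ports."""
    flagged = {}
    for proc, ports in short_lived_listeners(log).items():
        run = best = ports[:1]
        for prev, cur in zip(ports, ports[1:]):
            run = run + [cur] if cur == prev + 1 else [cur]  # assumption: next = +1
            if len(run) > len(best):
                best = run
        if len(best) >= min_run:
            flagged[proc] = best
    return flagged

if __name__ == "__main__":
    for proc, ports in blinking_processes(SAMPLE_LOG).items():
        print(f"{proc}: short-lived listeners on ports {ports[0]}-{ports[-1]}")
```

The flagged process name is the one to terminate and delete as described above; a long-lived listener in the same range, such as the constructed browser.exe entry, is not flagged.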


Backdoor

Backdoors are designed to give malicious users remote control over an infected computer. In terms of functionality, Backdoors are similar to many administration systems designed and distributed by software developers.

These types of malicious programs make it possible to do anything the author wants on the infected computer: send and receive files, launch files or delete them, display messages, delete data, reboot the computer, etc.

The programs in this category are often used in order to unite a group of victim computers and form a botnet or zombie network. This gives malicious users centralized control over an army of infected computers which can then be used for criminal purposes.

There is also a group of Backdoors which are capable of spreading via networks and infecting other computers as Net-Worms do. The difference is that such Backdoors do not spread automatically (as Net-Worms do), but only upon a special “command” from the malicious user that controls them.


Aliases

Backdoor.Win32.Agent.b (Kaspersky Lab) is also known as:

  • Backdoor.Agent.b (Kaspersky Lab)
  • Virus: W32/Morph.worm (McAfee)
  • Mal/Behav-004 (Sophos)
  • Heuristic.WinPE-Statistical (Panda)
  • W32/Heuristic-417!Eldorado (FPROT)
  • Backdoor:Win32/Agent.G (MS(OneCare))
  • BackDoor.IRC.Fuxor (DrWeb)
  • Win32/Agent.B trojan (Nod32)
  • Backdoor.Agent.B (BitDef7)
  • Backdoor.Agent.FDVX (VirusBuster)
  • Win32:SdBot-gen30 [Trj] (AVAST)
  • Backdoor.Win32.SdBot (Ikarus)
  • BackDoor.Agent.QZZ (AVG)
  • BDS/Backdoor.Gen (AVIRA)
  • W32.Randex.gen (NAV)
  • W32/Sdbot.ALIC (Norman)
  • Backdoor.SdBot.ina (Rising)
  • Backdoor.Win32.Agent.b [AVP] (FSecure)
  • TROJ_AGENT.B (TrendMicro)
  • Trojan.Win32.Generic!BT (Sunbelt)
  • Backdoor.Agent.FDVX (VirusBusterBeta)