Cycbot.b

(Backdoor:Win32/Cycbot.B)
The Cycbot.b trojan virus (born October 13, 2010) is a backdoor that allows attackers unauthorized access and control of an infected Windows computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions, such as launching denial of service attacks and retrieving system information from infected computers.
This allows hackers to remotely control your computer, steal critical system information, and download and execute files. [http://www.bleepingcomputer.com/forums/topic354181.html/page1977393#entry1977393]
Symptoms

The following system changes may indicate the presence of this malware:
The presence of the following files:
c:\documents and settings\administrator\application data\microsoft\stor.cfg
c:\documents and settings\administrator\application data\microsoft\svchost.exe
c:\documents and settings\administrator\application data\microsoft\windows\shell.exe
c:\documents and settings\administrator\local settings\temp\dwm.exe
The presence of the following registry modifications:
Adds value: "svchost"
With data: "c:\documents and settings\administrator\application data\microsoft\svchost.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
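One way to check a machine for the files and the registry value listed above, as an added example that is not part of the original page. The variable names and output format are assumptions; the script only reads from disk and the registry and is meant to be saved and run as a .ps1 file.

```powershell
# Added example: read-only check for the indicators listed on this page.
# File paths and the Run value are copied from the page; nothing is modified.
$files = @(
    'c:\documents and settings\administrator\application data\microsoft\stor.cfg',
    'c:\documents and settings\administrator\application data\microsoft\svchost.exe',
    'c:\documents and settings\administrator\application data\microsoft\windows\shell.exe',
    'c:\documents and settings\administrator\local settings\temp\dwm.exe'
)
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName = 'svchost'
$runData = 'c:\documents and settings\administrator\application data\microsoft\svchost.exe'

$findings = @()

# 1. Dropped files. -Force makes Get-Item return hidden/system files as well.
foreach ($path in $files) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += "FILE  $path  (last written $($item.LastWriteTime))"
    }
}

# 2. Autostart entry. The genuine svchost.exe is started by the Service Control
#    Manager, so any Run value with this name is reported; an exact match with
#    the page's data is labelled as such.
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    $prop = $run.PSObject.Properties[$runName]   # name lookup is case-insensitive
    if ($prop) {
        $data = ([string]$prop.Value).Trim('"')
        if ($data -ieq $runData) { $match = 'matches listed data' }
        else                     { $match = 'data differs from listed value' }
        $findings += "RUN   $runName = $data  ($match)"
    }
}

# 3. Report. An empty result only means these exact indicators are absent.
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output $_ }
    exit 1
}
Write-Output 'None of the listed files or registry values were found.'
exit 0
```

The listed paths are tied to the Administrator profile, so an infection under another account would place the same files under that account's profile folder instead.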
Steps to Combat The Virus
1. Disconnect the infected PC from the internet immediately.
2. Get to an uninfected computer and change all of the passwords that you have previously entered on the infected computer.
3. Contact all of your financial institutions and let them know you've been compromised.
4. Install virus protection, update its definitions, or find a licensed technician to get rid of the virus.
5. Wait until there is confirmation that the backdoor the virus came in through has been closed; otherwise, even after eradication, the controller could still have access to your personal information.
Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the operating system.
 