Backdoor.Hacdef.b is a member of the Backdoor family of Trojans. It runs only under Windows NT, Windows 2000 and XP.
Backdoor.Hacdef.b has two files: a main component and a helper library.
The files may appear under a range of names; the most commonly used are:
Main component:
isplog.exe
isplogger.exe
Helper library:
isplogger.sys
hkrnlrdv.sys
hxdefdrv.sys
The main component file is 70144 bytes in size, and the helper library is 3328 bytes in size.
The program has a stealth function, which hides processes, files on disk, and also system registry values.
Installation
In order to install the backdoor on the system, this Trojan requires a configuration file (INI) that indicates which files and processes should be hidden, and also gives a password for remote access to the system.
The backdoor is installed on the system using the command-line switch:
-:installonly
Once the backdoor is launched, the Trojan extracts the helper library from itself and installs it in the same directory as the backdoor.
It registers itself as a service in the Windows system registry, and gains control each time the operating system is started.
It creates a key in the system registry:
[HKLM\System\CurrentControlSet\Services\SafeBoot]
The backdoor service is registered under both the Minimal and Network SafeBoot entries, so it is also started when Windows boots in Safe Mode.
The backdoor installs API hooks in all running processes, replacing a large number of system APIs in order to mask its presence on the system:
AddAccessAllowedAce
AllocateAndInitializeSid
CloseHandle
closesocket
CreateFileA
CreateMailslotA
CreatePipe
CreateProcessA
CreateProcessW
CreateThread
DisconnectNamedPipe
DuplicateHandle
EnumServicesStatusA
EnumServicesStatusW
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushInstructionCache
FreeLibrary
GetCurrentProcess
GetEnvironmentVariableW
GetLastError
GetLengthSid
GetMailslotInfo
GetModuleFileNameA
InitializeAcl
InitializeSecurityDescriptor
IsBadReadPtr
LoadLibraryA
LoadLibraryExW
NtQuerySystemInformation
PeekNamedPipe
ReadFile
recv
ResumeThread
send
SetLastError
SetSecurityDescriptorDacl
Sleep
TerminateProcess
TerminateThread
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WriteFile
WSAEventSelect
WSAGetLastError
WSAIoctl
WSARecv
The backdoor does not open any ports on the victim machine when launched. The functions which hook and replace the APIs allow the backdoor to monitor all incoming traffic, in which it looks for commands from a remote client. If the correct password is received, it opens the port specified by the author/user of the Trojan for remote access. In this way the backdoor evades any firewall protection on the victim machine.
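As an added defensive check (not part of the original description), the following Python parses a registry export of the SafeBoot key and reports Safe Mode service entries outside a known-good baseline, singling out those registered under both Minimal and Network, the pattern described above. Because the APIs listed are hooked in every running process, such an audit is more reliable against an export taken offline (for example from a mounted system hive); the export text, the baseline and the service name ExampleSvc are constructed for illustration.

```python
# Audit a .reg export of the SafeBoot key for unexpected Safe Mode service entries.
import re
from collections import defaultdict

# Constructed sample export (not from a real system). "ExampleSvc" is a placeholder:
# the description does not give the backdoor's actual service name.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeBoot\Minimal\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeBoot\Minimal\ExampleSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeBoot\Network\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeBoot\Network\ExampleSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeBoot\Network\Browser]
@="Service"
"""

# Assumed baseline; a real audit uses a known-good export from the same OS build.
BASELINE = {"AppMgmt", "Browser"}

# Matches a SafeBoot\Minimal\<name> or SafeBoot\Network\<name> key header line.
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SafeBoot\\"
    r"(Minimal|Network)\\([^\]\\]+)\]$",
    re.IGNORECASE,
)

def parse_safeboot(reg_text):
    """Return {entry_name: set of SafeBoot modes} found in the export."""
    entries = defaultdict(set)
    for line in reg_text.splitlines():
        m = SAFEBOOT_RE.match(line.strip())
        if m:
            entries[m.group(2)].add(m.group(1).capitalize())
    return dict(entries)

def audit_safeboot(reg_text, baseline=BASELINE):
    """Return (name, sorted modes, in_both) for each entry not in the baseline;
    in_both marks registration under both Minimal and Network."""
    findings = []
    for name, modes in sorted(parse_safeboot(reg_text).items()):
        if name not in baseline:
            findings.append((name, sorted(modes), {"Minimal", "Network"} <= modes))
    return findings

if __name__ == "__main__":
    for name, modes, both in audit_safeboot(SAMPLE_REG):
        print(f"unexpected SafeBoot entry {name} in {modes}", "(Minimal and Network)" if both else "")
```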
If you detect any of the Trojan components on your machine, you are strongly recommended to contact your antivirus manufacturer's technical support service.