Backdoor.Win32.ForBot.r

CyberScrub AntiVirus
Research Bank

This Trojan offers a remote malicious user full control over the victim machine.

The Trojan itself is a Windows PE EXE file, approximately 85KB in size, packed using MEW. The unpacked file is approximately 352KB in size.

Once launched, the backdoor copies itself to the Windows system directory as “dllmanager.exe”.

%System%\dllmanager.exe

It then registers this file in the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplScan" = "dllmanager.exe" 
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NvCplScan" = "dllmanager.exe" 
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
"NvCplScan" = "dllmanager.exe" 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplScan" = "dllmanager.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NvCplScan" = "dllmanager.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplScan" = "dllmanager.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NvCplScan" = "dllmanager.exe"

This ensures that a copy of the malicious program will be launched each time the victim machine is rebooted.

The backdoor connects to an IRC server in order to receive commands.

Once it has established a connection to an IRC server, a malicious remote user can cause the Trojan to scan other computers for unprotected network resources, and for the LSASS vulnerability. It can then install itself on vulnerable machines, and upload files to these machines. It is also capable of: deleting files, terminating a range of processes, extracting CD registration codes, harvesting email addresses, logging key strokes, carrying out DOS attacks, installing updated versions of the Trojan on the victim machine, and harvesting information about the infected machine and its owner.

Check out if we have free removal tool for this virus

CyberScrub AntiVirus provides state of the art security protection for five years- at one low price. Our award winning technology ensures protection against viruses, worms and trojans backed by top customer support and value.

Five Year Cost Comparison
Product	Initial Cost	Yearly Subscription	X Four Years	Total
Norton 2004 AntiVirus	$49.95*	$29.95	$119.80	$169.75
McAfee VirusScan	$49.95*	$19.95	$79.80	$129.75
CyberScrub AntiVirus	$49.95	Included	No Additional Cost	$49.95
*All prices MSRP as published on respective sites.

It is only a matter of time before a virus, worm or Trojan horse wrecks havoc on your important data. Important files, records, family pictures- all at risk. Some dangerous programs can even ruin your hard drive beyond repair.

CyberScrub AntiVirus offers the most effective protection from all known and unknown viruses.

CyberScrub AntiVirus is powered by a unique integrated technology for virus detection, based on principles of multi-generation heuristic analysis. This allows the program to protect you from suspect “viral behavior”. This highly effective methodology repelled all attacks of each “I LOVEYOU’ viral variation without any additional antivirus database updates. No other technology, including Norton, Trend, or McAfee was able to accomplish this.

CyberScrub AntiVirus is powerful, yet its exceptional ease of use and installation make it acceptable for beginner to pro

CyberScrub Antivirus constantly scans your hard drive and files to identify, clean and destroy infected objects. With updates available every three hours, 24 hours a day, 365 days a year, you can count on CyberScrub to protect your valued data.

CyberScrub AntiVirus
Lifetime Edition

"For the Life of Your Computer"
Save $10 Now!
Limited Time

Backdoor.Win32.ForBot.r

Symantec Warns Of Flaw In Antivirus Program. More>>

CNN Legend Lynne Russell reports on CyberScrub AntiVirus for Tech Headline News.

delete,deletion, file deletion, Internet clean up,privacy, HIPAA, Internet privacy, cookies, erase, erasure, shredder, wipe, overwrite, purge, deletion, security, file wipe, data destruction