Fighting Spyware, Malware and Adware one File at a Time.
Navigation Links

Database of Spyware Home

About the Project

View the Database

Forums

Database of Spyware Site Map

Terms of Use

Back Attack

Overview

Alias

 Back Atack, Backdoor.BackAttack.14, Backdoor.Backattack.18, Backdoor.Backattack.19, Backdoor.Delf.fh, Server may be infected with Win32.FunLove.4070,

Category

 RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Backdoor:  A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.

Variants

   Back Attack 1.3 ·  Back Attack 1.4 ·  Back Attack 1.5 ·  Back Attack 1.6 ·  Back Attack 1.7 ·  Back Attack 1.8 ·  Back Attack 1.9 ·  Back Attack 2.0 ·
 

Origins

 

Author

 Remaker

Group

 CurrenTChaoSGroup

Others By This Group

 Back Attack 1.3· Back Attack 1.4· Back Attack 1.5· Back Attack 1.6· Back Attack 1.7· Back Attack 1.8· Back Attack 1.9· Back Attack 2.0· Backdoor.BackAttack· Backdoor.BackAttack.20·

URL

 httP://www.CurrenTChaoS.Tk or httP://www.CurrenTChaoS.Go.Ro

Programming Language

 Written in Delphi, compressed with UPX

Date of Origin

 Variants from February, 2003 to March, 2004

Place of Origin

 Romania
 

Detection and Removal

Manual Removal

 Follow these steps to remove Back Attack from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

 Stop Running Processes:

Kill these running processes with Task Manager:



Remove Autorun Reference:

Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run


If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\registrychecker, delete it and reboot the machine immediately.

If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\regl1.2, delete it and reboot the machine immediately.

If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\regvn3.3, delete it and reboot the machine immediately.



Clean Registry:

Remove these registry items (if present) with RegEdit:



Remove Files:

Remove these files (if present) with Windows Explorer:



 
Baby.100.b  BacaTrojan  Bachdoor.Coldfuson.11  Bachdoor.Coldfuson.11.a  Bachdoor.Coldfuson.11.b  BackAttack  BackAttack1.3  BackAttack1.4  BackAttack1.5  BackAttack1.6  
 
Site Map 2006 © Copyright DatabaseofSpyware.com. All rights reserved. Terms of Use
Another Proud Thor Schrock Development