> Spyware Encyclopedia Page 72 > Insane TCP Backdoor

Insane TCP Backdoor removal

Spyware Insane TCP Backdoor Information
Name: Insane TCP Backdoor Category: RAT Date: 2003-07-26 Author: Insane Dangerous: Yes

Insane TCP Backdoor belongs to RAT spyware category.
It's presense means that your computer is infected with malicious software and is insecure.

Insane TCP Backdoor description by Insane:

Vendor: ´ Features: - My 1st Win32 virus - Polymorphic. - Antiheuristics & EPO. Also works as good antidebugging feature versus beginners (means lammers - Double encrypted. 1st decryptor resides in 1st section of victim. 2nd one,before virus code. - Selfpacking. Depends on victim, but sometimes compression could give 3.5 to 1 result (LZSS scheme - Per-process residency - Dosn´t infect antiviruses (russian AVP´ ´DrWeb only - filemask - Contains TCP backdoor Backdoor features 1. System info. Return system version,username,number of disks, . Upload´ ´Execute Upload & execute file. After execution file is deleted. 3. Mass Download For example c windows pwl . Dir Directory listing 5. Backdoor shutdown (till next infected file run 6. Ability to upload plugins. - Infestation not depends from attributes. - Windows directory infestation. - Tested on Windows 95 OSR2,WinNT 4. ,Win2000,Win98 - completely workable. - Two infestation methods 1. Standard add section . 2. Reloc residency (because it not used in PE Exe´ . Possible it´s not correct, but 100% works) - Some ready plugins applied. - MessageBox - remote message box. - Shutdowm- remote shutdown - Gateway - redirection of TCP connections.´

This RAT is also known as:

•Backdoor Program - named by Panda.
• Backdoor.Insane - named by a.
• Backdoor.Insane - named by Kaspersky.
• Backdoor.Insane.plugin - named by a.
• Backdoor.Insane.plugin - named by Kaspersky.
• Backdoor/Insane - named by Computer Associates.
• Backdoor/Insane!plugin - named by Computer Associates.
• Backdoor/Insane.B!Server - named by Computer Associates.
• BackDoor-DK - named by o.
• Backdoor-DK - named by McAfee.
• Backdoor-DK.cli - named by c.
• Bakdoor-DK.plugin.
• Bck/Insane - named by Panda.
• security risk or a "backdoor" program - named by F-Prot.
• Univ.B - named by Panda.
• W32/Devir.15128 - named by F-Prot.
• W32/Insane - named by -.
• W32/Insane - named by McAfee.
• Win32.Devir - named by c.
• Win32.Devir - named by Computer Associates.
• Win32.Devir - named by Kaspersky.
• Win32.Insane.B - named by Computer Associates.
• Win32/Insane trojan - named by Eset.
• Win32/Insane.A.Cient trojan - named by Eset.
• Win32/Intruder - named by Computer Associates.

>> Delete Insane TCP Backdoor automatically - Download Spyware Doctor

Insane TCP Backdoor Removal Instructions
Kill the following processes fce07b0f.exe, gateway.exe, gl.exe, test.exe
Unregister the following DLLs and reboot 39df5f5f.dll, shutdown.dll.
Remove the following files 39df5f5f.dll, fce07b0f.exe, gateway.c--, gateway.exe, gateway.rc, gl.c--, gl.exe, gl.rc, infect.inc, info.txt, msgb.asm, plugins.h--, plugins.inc, readme.txt, ripper.c--, shutdown.asm, shutdown.dll, tcp.inc, test.asm, test.exe, test.obj, uc.inc, win32.inc, wsmm.inc.

Bookmark Insane TCP Backdoor page

Previous Spyware: Remove Insane Reality

Next Spyware: Remove Insect