telnet.bat - Dangerous
telnet.bat
Manual removal instructions:
Antivirus Report of telnet.bat:
telnet.bat
Backdoor.IRC.Aladinz.R is a backdoor server that allows a remote attacker to obtain access to your computer.
The backdoor server uses an mIRC client and client scripts to communicate with a remote attacker.
It also creates a FTP server.
Creates the following folder: %System%\CatRoot.
Creates some files in the CatRoot folder, such as: update.bat; ServUDaemon.exe; dcom.reg; patch.reg; tar.exe etc.
Connects to a remote IRC server and waits for commands.
Listens on TCP ports 3422 and 43958.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Microsoft Office"="%system%\telnet.bat"
Delete the following keys:
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Security
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SystemManagementys2
| telnet.bat | Malware |
| telnet.bat | Dangerous |
| telnet.bat | High Risk |
The backdoor server uses an mIRC client and client scripts to communicate with a remote attacker.
It also creates a FTP server.
Creates the following folder: %System%\CatRoot.
Creates some files in the CatRoot folder, such as: update.bat; ServUDaemon.exe; dcom.reg; patch.reg; tar.exe etc.
Connects to a remote IRC server and waits for commands.
Listens on TCP ports 3422 and 43958.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Microsoft Office"="%system%\telnet.bat"
Delete the following keys:
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Security
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SystemManagementys2
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.