pooponastick
Member!
So, you've been infected by the BackDoor.NetDevil trojan? I've had the same problem. You can detect this trojan with the Norton Antivirus program. The trojan CAN cause bad damage to your system. I've researched stuff about it and people have said the hacker that gave it to them could turn on/off their monitors, open and close the disc tray, and even take control of your mouse. Scary stuff. He/She can practically take control of everything. When BackDoor.NetDevil runs, it does the following:
It copies itself to the %system% folder. The file name may vary, but most likely it will copy itself to KERNEL32.DLI (which it did for me). It adds a value that refers to the dropped file to one of the following registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (look for the KERNEL32.DLI file)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
When the hacker creates a BackDoor.NetDevil server file, there are many functions that can be added:
-Display a fake error message to conceal its true nature.
-Choose the ports that are used by the backdoor to communicate with the hacker. By default, it uses port 901 for direct control, port 902 for communicating logged keystrokes, and port 903 for file transfer.
-Use different notification methods to send info to the hacker about the compromised computer.
-Attempt to kill running firewall and antivirus processes.
When the trojan runs, it allows the hacker to remotely take control over your computer and do the following:
-Obtain full control of the file system
-Upload files to and download files from the host computer.
-Run files of the hacker's choice
-Kill running processes
-Display messages
-View the contents of the screen
-Log keystrokes
-Take control of your mouse, open and close the CD-ROM drive, turning the monitor on and off, and so on.
Steps on how to get rid of BackDoor.NetDevil
1. Update the virus definitions.
2. Run a full system scan to find the infected file(s).
3. Click Start, and click Run. Type Regedit and click OK. The Registry Editor opens. Navigate in turn to each of these keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
4. In the right pane for each key, delete the infected file you found with your antivirus program.
5. Exit and restart your computer.
6. Run a full system scan again and if you find 0 infected files, you're good.
PM me for more questions and thanks for your cooperation
~Pooponastick~
Please sticky this, I bet it will help a lot of people. Thank you.
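A read-only triage script for the indicators the post above lists (the two autostart keys, the KERNEL32.DLI file name and default ports 901-903), as an added example that is not part of the original post. It assumes a current Windows system with PowerShell 5.1 or later run as administrator; the variable names are this example's own, and the RunServices key may simply be absent on such a system.

```powershell
# Added example: checks only, nothing is deleted or changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
$droppedName  = 'KERNEL32.DLI'   # name reported in the post; it may vary
$defaultPorts = 901, 902, 903    # defaults per the post; the server builder can change them

# 1. List every autostart value and flag the ones that mention the dropped file.
#    All values are printed because the file name can differ from the default.
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output "absent : $key"
        continue
    }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($valueName)
        $flag = if ($data -like "*$droppedName*") { 'MATCH ' } else { 'value ' }
        Write-Output ("{0} : {1} :: {2} = {3}" -f $flag, $key, $valueName, $data)
    }
}

# 2. Look for the dropped file in the system folder and hash it for later comparison.
$candidate = Join-Path -Path ([Environment]::SystemDirectory) -ChildPath $droppedName
if (Test-Path -LiteralPath $candidate) {
    Get-Item -LiteralPath $candidate -Force |
        Format-List FullName, Length, CreationTime, LastWriteTime
    Get-FileHash -LiteralPath $candidate -Algorithm SHA256 | Format-List Algorithm, Hash
} else {
    Write-Output "not found : $candidate"
}

# 3. Report any process listening on the default ports, with its executable path.
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $defaultPorts -contains $_.LocalPort }
if (-not $listeners) { Write-Output 'no listener on ports 901-903' }
foreach ($conn in $listeners) {
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    Write-Output ("LISTEN : port {0} pid {1} name {2} path {3}" -f `
        $conn.LocalPort, $conn.OwningProcess, $proc.ProcessName, $proc.Path)
}
```

A clean result on the default name and ports does not rule the trojan out, since the post notes both can vary; compare the listed autostart values against the file your antivirus scan reported.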