~Guide for getting rid of the BackDoor.NetDevil trojan by Pooponastick~

pooponastick

Member!
Joined
Jan 30, 2003
Messages
42
Reaction score
0
Website
Visit site
So, you've got infected by the BackDoor.NetDevil trojan? I've had the same problem. You can detect this trojan with the Norton Antivirus program. The trojan CAN cause bad damage to your system. I've researched stuff about it, and people have said the hacker that gave it to them could turn their monitors on/off, open and close the disc tray, and even take control of their mouse. Scary stuff. He/she can practically take control of everything. When BackDoor.NetDevil runs, it does the following:

It copies itself to the %system% folder. The file name may vary, but most likely it will copy itself to KERNEL32.DLI (which it did for me). It adds a value that refers to the dropped file to one of the following registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (look for the KERNEL32.DLI file)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

When the hacker creates a BackDoor.NetDevil server file, there are many functions that can be added:

-Display a fake error message to conceal its true nature.
-Choose the ports that are used by the backdoor to communicate with the hacker. By default, it uses port 901 for direct control, port 902 for communicating logged keystrokes, and port 903 for file transfer.
-Use different notification methods to send info to the hacker about the compromised computer.
-Attempt to kill running firewall and antivirus processes.

When the trojan runs, it allows the hacker to remotely take control over your computer and do the following:

-Obtain full control of the file system
-Upload files to and download files from the host computer.
-Run files of the hacker's choice
-Kill running processes
-Display messages
-View the contents of the screen
-Log keystrokes
-Take control of your mouse, open and close the CD-ROM drive, turn the monitor on and off, and so on.

Steps on how to get rid of BackDoor.NetDevil

1. Update the virus definitions.
2. Run a full system scan to find the infected file(s).
3. Click Start, and click Run. Type Regedit and click OK. The Registry Editor opens. Navigate in turn to each of these keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

4. In the right pane for each key, delete the infected file you found with your antivirus program.
5. Exit and restart your computer.
6. Run a full system scan again, and if you find 0 infected files, you're good.

PM me for more questions, and thanks for your cooperation.




:cool: :cool: :cool:
~Pooponastick~
Please sticky this, I bet it will help a lot of people. Thank you.
 

Korittke

Member!
Joined
Dec 30, 2002
Messages
5,993
Reaction score
0
Website
Visit site
Good guide, but wrong section. Also, there's a mistake:
"most likely it will copy itself to KERNEL32.DLL"
The file is named KERNEL32.DlI; in the Windows font it looks like two l's, but it's an L and an i.
Moved to somewhere, I dunno yet ^^
moved/copied to discussion/noobs only
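The removal steps in the first post (check the Run and RunServices keys for the dropped file) and Korittke's correction (the name is KERNEL32.DlI, an L and an i that render like "DLL") are easy to get wrong by eye. The script below is an added example, not code from either poster: it parses a Registry Editor export of those two keys and flags any autostart value whose file name only *looks* like a .dll, and it also picks the backdoor's default ports (901, 902, 903) out of netstat output. The .reg export and the netstat lines are constructed sample input; the key names and the default ports are the ones stated in the post.

```python
import re
from ntpath import basename, splitext

# The two autostart keys named in the removal steps.
AUTOSTART_KEYS = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
)

# Default NetDevil ports from the post: control, keystrokes, file transfer.
NETDEVIL_DEFAULT_PORTS = {901, 902, 903}

# Characters that render like a lower-case L in the Registry Editor font.
# Applied after lower-casing, so "DlI" -> "dli" -> "dll".
LOOKALIKES = str.maketrans({"i": "l", "1": "l", "|": "l"})

# Constructed sample .reg export (not taken from the original post).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Kernel32"="C:\\WINDOWS\\SYSTEM\\KERNEL32.DlI"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
'''

# Constructed sample "netstat -an" output (not taken from the original post).
SAMPLE_NETSTAT = """Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:901            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:903            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1042       192.168.1.1:80         ESTABLISHED
"""


def parse_reg_export(text):
    """Return {key_path: [(value_name, data), ...]} from a .reg export.

    Only string values ("name"="data") are kept; .reg files escape a
    backslash as two backslashes, which is undone here.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m:
                name, data = m.groups()
                keys[current].append((name, data.replace("\\\\", "\\")))
    return keys


def looks_like_dll_impostor(path):
    """True when the extension is not .dll but reads as .dll on screen."""
    ext = splitext(basename(path))[1].lower()
    return ext != ".dll" and ext.translate(LOOKALIKES) == ".dll"


def find_suspicious_autostarts(reg_text):
    """List (key, value_name, data) for autostart entries that fake a .dll name."""
    hits = []
    for key, values in parse_reg_export(reg_text).items():
        if key.lower() not in (k.lower() for k in AUTOSTART_KEYS):
            continue
        for name, data in values:
            # The launched file is the first whitespace-separated token.
            target = data.split()[0] if data.split() else data
            if looks_like_dll_impostor(target):
                hits.append((key, name, data))
    return hits


def netdevil_listeners(netstat_text):
    """Return the sorted NetDevil default ports found in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "TCP" and parts[3] == "LISTENING":
            port = int(parts[1].rsplit(":", 1)[1])
            if port in NETDEVIL_DEFAULT_PORTS:
                found.add(port)
    return sorted(found)


if __name__ == "__main__":
    for key, name, data in find_suspicious_autostarts(SAMPLE_REG_EXPORT):
        print(f"suspicious autostart: [{key}] {name} = {data}")
    print("NetDevil default ports listening:", netdevil_listeners(SAMPLE_NETSTAT))
```

To use it on a real machine, export both keys from Regedit (File > Export) and feed the file to `find_suspicious_autostarts`, then paste `netstat -an` output into `netdevil_listeners`. A hit on a lookalike name is the value to delete in step 4; a clean port list is not proof of a clean box, since the post notes the attacker can pick other ports when building the server.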
 

IDefy

BattleForums Senior Member
Joined
May 10, 2003
Messages
4,034
Reaction score
0
I downloaded something and Net Devil was in it. I ran the virus and it got wiped away, but that's some useful info; more people should read this.
 

l33t 0n3

Member!
Joined
Aug 12, 2002
Messages
2,773
Reaction score
0
Location
Washington
Website
Visit site
I got it for clicking a WEBSITE, not downloading anything... lost 3 D2 accounts, 2 WC3 accounts, a few CD keys and a hard drive.
 

Guru

Premium Member
Joined
Dec 5, 2002
Messages
4,530
Reaction score
0
Location
North Carolina
Website
Visit site
Good guide and everything, but I'm going to unstick it since it is in Noobs Only too. I didn't realize that it was there. :p
 

Guru

Premium Member
Joined
Dec 5, 2002
Messages
4,530
Reaction score
0
Location
North Carolina
Website
Visit site
ForGed :p


And if someone needs to know how to get rid of it, they can just post and we can lead them to the noob forum ;)
 