Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove BKDR_KASIDET.FD a.k.a. Backdoor.Neutrino

Name BKDR_KASIDET.FD
Type Trojan, Backdoor
Short Description The backdoor is aimed at stealing information from the infected PC.
Symptoms Folders, values, and mutexed are added to the system.
Distribution Method Spam emails (attachments)
Detection tool Download Malware Removal Tool, to See If Your System Has Been Affected By BKDR_KASIDET.FD

BKDR_KASIDET.FD is a malicious Trojan horse with backdoor capabilities that has been detected recently in the wild. Other aliases of the threat are Win32/Kasidet.AD (ESET-NOD32), Backdoor.Neutrino (Malwarebytes), and Trojan:Win32/Lezo.A (Microsoft). Once the Kasider Trojan has sneaked in the system, various types of information are endangered, including banking and credit card credentials. Its primary distribution method is via email (spam)

BKDR_KASIDET.FD Malware Specifications

The backdoor is associated with the Kasidet a.k.a. Neutrino bot which is well-known for its DDoS (distributed denial-of-service) attacks. According to multiple security reports, Kasidet has been leaked in an underground forum in July, 2015. The latest 3.6 version had a brand new feature – ‘ccsearch’. Ccsearch is used to scrap payment card details from PoS systems.

Trojan-Horse

BKDR_KASIDET.FD Attack Resume

As already specified, the backdoor is distributed via corrupted email attachments to mass-mailed email messages. BKDR_KASIDET.FD will delete itself after it is executed.

According to the report by TrendMicro, the Kasidet backdoor is capable of:

  • Connecting to a specific URL to send and receive commands from a remote server.
  • Executing malicious commands on the infected system.
  • Stealing information from the system.
  • Hooking Windows API to defined browsers and clients.

Once the backdoor is installed, it will add the following folder:

→%Application Data%\Y1FeZFVYXllb

Then, the malicious piece will drop the following copy of itself:

→%Application Data%\Y1FeZFVYXllb\{random filename}.exe

Finally, a mutex is also added to make sure that only one of the copies runs every single time:

→Y1FeZFVYXllb

BKDR_KASIDET.FD Backdoor Activities

There is a list of activities that will be initiated remotely by the hacker:

  • Downloading and executing multiple malicious files and processes.
  • Updating itself.
  • Uninstalling itself.
  • Finding files.
  • Performing Remote Shell.
  • Performing a DDoS attack.

The backdoor is reported to connect to two URLs (currently blocked) to receive commands and information from a remote location:

→http://{BLOCKED}y.su/mu/tasks.php
http://{BLOCKED}p.su/mu/tasks.php

Types of Stolen Information

According to security researchers at TrendMicro, the backdoor aims at the following data:

  • ComputerName
  • OS Version
  • Machine GUID

WARNING

The BKDR_KASIDET.FD backdoor is associated with the WORM_KASIDET.SC which is known to affect PoS systems and steal money by obtaining credit card information over a command-and-control server. Apart from stealing money and performing distributed denial-of-service attacks, the worm is reported to log keystrokes, copy clipboard data, capture screenshots, and infect removable drives and network folders.

BKDR_KASIDET.FD Removal Options

Malicious threat should be removed automatically via powerful anti-virus software that runs in real time. It is highly recommended to apply automated removal. Because of its backdoor capabilities and the association with a worm of the same family, manual removal is not considered safe. However, we have compiled several steps that apply to Trojan horses. Find them below the article.

Step 1: Start Your PC in Safe Mode to Remove BKDR_KASIDET.FD.

Removing BKDR_KASIDET.FD from Windows XP, Vista, 7 systems:

1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:

For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.

Capture

For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.

safe-mode-windows

3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.

4. Log on to your computer using your administrator account

While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

Removing BKDR_KASIDET.FD from Windows 8, 8.1 and 10 systems:

Substep 1:

Open the Start Menu
Windows-10-0 (1)

Substep 2:

Whilst holding down Shift button, click on Power and then click on Restart.

Substep 3:

After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.
Windows-10-1-257x300

Substep 4:

You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
Windows-10-2 (1)

Substep 5:

After the Advanced Options menu appears, click on Startup Settings.
Windows-10-3 (1)

Substep 6:

Click on Restart.
Windows-10-5 (1)

Substep 7:

A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart and boot into Safe Mode so you can scan for and remove BKDR_KASIDET.FD.

Step 2: Remove BKDR_KASIDET.FD automatically by downloading an advanced anti-malware program.

To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all BKDR_KASIDET.FD associated objects.

NOTE! Substantial notification about the BKDR_KASIDET.FD threat: Manual removal of BKDR_KASIDET.FD requires strong PC security knowledge. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.