Trojan.Sakurel.B Backdoor Removal Manual

Trojans that can act as backdoors are particularly alarming because they enable malicious actors to perform a range of dangerous activities. Trojan.Sakurel.B is classified as a backdoor-type Trojan that is currently active in the wild. To avoid being affected by it, you should keep your system protected at all times.

Name: Trojan.Sakurel.B
Type: Trojan, backdoor
Short Description: The Trojan opens a backdoor on the compromised system.
Symptoms: System files are modified, a new registry entry is added.
Distribution Method: Email attachments, exploits, etc.

Trojan.Sakurel.B Distribution Method

The most common distribution path for Trojans such as Trojan.Sakurel.B is via malicious exploits. That is why frequently updating your software products and operating system is crucial to the security of your computer.

Trojans, in general, can also be spread via:

  • Infected torrents (peer-to-peer communities);
  • Malicious email attachments;
  • Drive-by downloads;
  • Social engineering scams.

Trojan.Sakurel.B Technical Review

Trojan.Sakurel.B (Symantec’s detection) is detected under different names by different AV solutions:

  • Trojan:Win32/Sakurel.A (Microsoft)
  • Win32/Shyape.M (ESET-NOD32)
  • Trojan.Sakurel.A (B) (Emsisoft)
  • Trojan.Sakurel.A (F-Secure)
  • Trojan.Win32.Sakurel.d (Kaspersky)
  • Trojan.Agent.ED (Malwarebytes)
  • BackDoor-FBTH!3F0BA1CD12BA (McAfee)
  • TROJ_SAKUREL.B (TrendMicro)

Once the Trojan is executed, the following files will be created on the compromised system:

%Temp%\Center[RANDOM CHARACTERS].dat
%Temp%\Center[RANDOM CHARACTERS].dat
%UserProfile%\Application Data\adobe\adobe.dat

Trojan.Sakurel.B also modifies the Windows Registry by adding the following entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AdobePlayer" = regsvr32 /s "%UserProfile%\Application Data\adobe\adobe.dat"
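
A triage sketch for the Run entry and dropped files listed above, added here as an example (it is not Symantec's or this site's code). It parses `reg query` output for the Run key, flags the AdobePlayer entry, and goes one step further by flagging any regsvr32 autorun whose target is not a .dll or .ocx file. The sample output, the user name and the three other Run values are constructed.

```python
import re

# Indicators from the write-up; the user names and extra entries below are constructed.
RUN_VALUE_NAME = "AdobePlayer"
DROPPED_SUFFIX = r"\application data\adobe\adobe.dat"
TEMP_FILE_RE = re.compile(r"\\temp\\center[^\\]*\.dat$", re.IGNORECASE)
# Captures the file handed to regsvr32 when switches precede the path, as in the entry above.
REGSVR32_RE = re.compile(r'regsvr32(?:\.exe)?"?\s+(?:/\w+\s+)*"?([^"]+?)"?\s*$', re.IGNORECASE)

SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    AdobePlayer    REG_SZ    regsvr32 /s "C:\Documents and Settings\alice\Application Data\adobe\adobe.dat"
    VendorPlugin    REG_SZ    regsvr32 /s "C:\Program Files\Vendor\plugin.dll"
    Updater    REG_SZ    regsvr32 /s C:\Users\alice\AppData\Roaming\upd\cache.dat
"""

def parse_reg_query(text):
    """Parse `reg query <key>` output into {value_name: data}."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$", line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values

def assess_run_values(values):
    """Flag the Sakurel.B entry, plus any regsvr32 autorun on a non-DLL/OCX file."""
    findings = []
    for name, data in values.items():
        m = REGSVR32_RE.search(data)
        if not m:
            continue
        target = m.group(1).lower()
        if name == RUN_VALUE_NAME and target.endswith(DROPPED_SUFFIX):
            findings.append((name, "matches Trojan.Sakurel.B Run entry"))
        elif not target.endswith((".dll", ".ocx")):
            findings.append((name, "regsvr32 autorun on non-DLL file"))
    return findings

def match_dropped_files(paths):
    """Return the paths that match the dropped-file locations listed above."""
    return [p for p in paths
            if p.lower().endswith(DROPPED_SUFFIX) or TEMP_FILE_RE.search(p)]

if __name__ == "__main__":
    for name, reason in assess_run_values(parse_reg_query(SAMPLE_REG_QUERY)):
        print(f"{name}: {reason}")
```

On a live system the same functions can be fed the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and a recursive file listing of the user profile.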

Trojan.Sakurel.B acts as an installer for a legitimate application. Meanwhile, a separate, malicious process is also started: once executed, the Trojan will try to open a backdoor on the compromised system. As reported by Symantec’s researchers, it will also attempt to connect to the following remote location: on port 443 using SSL

Overall, Trojan.Sakurel.B can perform a range of malicious operations such as:

  • Modify system files: delete, move, list, or steal them;
  • Launch various processes;
  • Download harmful files to the system;
  • Send system information to the remote location given above;
  • Open a remote shell;
  • Uninstall itself.

Trojan.Sakurel.B Removal Options

The best way to deal with Trojan horses such as Trojan.Sakurel.B is by running a full system scan via a strong anti-virus solution. Such a solution will remove all traces of the threat and will continue to shield the system against future attacks.

A step-by-step removal guide is provided below.

1. Boot Your PC In Safe Mode to isolate and remove Trojan.Sakurel.B
2. Remove Trojan.Sakurel.B with SpyHunter Anti-Malware Tool
3. Remove Trojan.Sakurel.B with Malwarebytes Anti-Malware.
4. Remove Trojan.Sakurel.B with STOPZilla AntiMalware
5. Back up your data to secure it against infections by Trojan.Sakurel.B in the future

NOTE! Important notice about the Trojan.Sakurel.B threat: Manual removal of Trojan.Sakurel.B requires changes to system files and registry entries, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
