Backdoor:Win32/Kirts.A: Remove It and Protect Your System - How to, Technology and PC Security Forum


Unauthorized backdoor access to your system can compromise it in many ways, the worst being the download of malicious software onto it. Be alert, because a new backdoor identified as Backdoor:Win32/Kirts.A has been reported by security experts at Microsoft.

Threat Summary

Short Description: Once installed, the backdoor can perform a range of malicious activities, including downloading malware and including your PC in a botnet.
Symptoms: Files such as %TEMP%\puwuladrur.bat are created on the system.
Distribution Method: Spam emails, email attachments, file sharing networks, bundled downloads.

The threat level of Backdoor:Win32/Kirts.A is rated severe, which means that the likelihood of becoming infected with malware is quite high. Given the high infection rates of ransomware such as Locky and Cerber, the payload of any backdoor operation can lead to the encryption of your data.

Backdoor:Win32/Kirts.A Distribution Methods

Even though the exact distribution method of this backdoor hasn’t been outlined yet, backdoors are usually spread via the same paths. The most likely ways your system may have been infected include:

  • Spam email messages containing malicious attachments;
  • Spam email messages containing malicious links;
  • Via instant messengers;
  • Being redirected to malicious pages deployed for drive-by downloads;
  • Bundled downloads of freeware and torrents (p2p networks).

Backdoor:Win32/Kirts.A Technical Overview

Microsoft security researchers report that once Backdoor:Win32/Kirts.A is installed, it can create various files on your computer, one of them being %TEMP%\puwuladrur.bat, the file listed under Symptoms in the Threat Summary.

The backdoor also injects code into running processes, which makes its detection and removal more difficult.
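
A quick triage check for the dropped file named in the Symptoms entry, as an added example that is not part of the original article or of Microsoft's report. It assumes per-user Temp directories sit at the default `<profile>\AppData\Local\Temp` location and that the script is run from an elevated PowerShell session so other users' profiles are readable.

```powershell
# Added example: look for the dropped file named on this page in every Temp directory.
# Assumption: per-user Temp is at the default <profile>\AppData\Local\Temp location.
$indicatorName = 'puwuladrur.bat'   # file name from the Symptoms entry on this page

# Candidate Temp directories: each regular (non-special) user profile, plus the machine-wide Temp.
$tempDirs = @(
    Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { -not $_.Special -and $_.LocalPath } |
        ForEach-Object { Join-Path $_.LocalPath 'AppData\Local\Temp' }
)
$tempDirs += Join-Path $env:windir 'Temp'

# For every hit, record timestamps and a hash so the file can be preserved as
# evidence and compared across hosts before it is removed.
$hits = foreach ($dir in $tempDirs) {
    $path = Join-Path $dir $indicatorName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
        [pscustomobject]@{
            Path      = $file.FullName
            Created   = $file.CreationTimeUtc
            Modified  = $file.LastWriteTimeUtc
            SizeBytes = $file.Length
            SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

if ($hits) {
    $hits | Format-List
    Write-Warning "Indicator file found in $(@($hits).Count) location(s); isolate the host and run a full anti-malware scan."
} else {
    Write-Output "No $indicatorName found in $($tempDirs.Count) Temp directories checked."
}
```

A clean result does not clear the host: the article names this file as only one of several the backdoor can create, and the injected code runs inside other processes.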

As mentioned at the beginning, the payload of the whole operation is unauthorized access to the system. Once such access is obtained, any or all of the following malicious activities can take place:

  • Deleting and creating files;
  • Downloading and running files (malware);
  • Uploading files;
  • Logging keystrokes and stealing sensitive information;
  • Modifying system settings;
  • Running or stopping applications;
  • Spreading malware to other computers (becoming part of a botnet).

Note: According to VirusTotal, Backdoor:Win32/Kirts.A has other aliases:

Atros3.AIAX [AVG]; Gen:Variant.Zusy.189561 [BitDefender]; UnclassifiedMalware [Comodo]; a variant of MSIL/Injector.OZF [ESET-NOD32]; Gen:Variant.Zusy.189561 (B) [Emsisoft]; Gen:Variant.Zusy.189561 [F-Secure]; Trojan.Win32.IRCbot.aanp [Kaspersky]; Trojan.IRCBot.MSIL [Malwarebytes]; Trojan-FIHN!F76F76B0B477 [McAfee]; Trojan.Gen [Symantec], etc.

Trojan.IRCBot has already been analyzed by Enigma Software security researchers. It is indeed a backdoor Trojan that connects to an IRC server to receive commands. The backdoor can propagate via network shares, spam emails and bundled downloads.

How Can I Remove Backdoor:Win32/Kirts.A from My System?

Backdoor Trojans can be very stealthy and damaging to your system. That is why the most secure way to remove such threats is by installing and running a trustworthy anti-malware program. If your knowledge of Windows is above average, you can follow the manual removal steps. No matter what you choose to do, keep in mind that automatic anti-malware protection is highly recommended. The threat landscape is more dangerous than ever.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
