Remove BKDR_KASIDET.FD a.k.a. Backdoor.Neutrino - How-To, Technology and PC Security Forum | SensorsTechForum.com

Remove BKDR_KASIDET.FD a.k.a. Backdoor.Neutrino

Name: BKDR_KASIDET.FD
Type: Trojan, backdoor
Short description: The backdoor is aimed at stealing information from the infected PC.
Symptoms: Folders, values and mutexes are added to the system.
Distribution method: Spam e-mails (attachments)

BKDR_KASIDET.FD is a malicious Trojan horse with backdoor capabilities that has recently been detected in the wild. Other aliases of the threat are Win32/Kasidet.AD (ESET-NOD32), Backdoor.Neutrino (Malwarebytes) and Trojan:Win32/Lezo.A (Microsoft). Once the Kasidet Trojan has sneaked into the system, various types of information are endangered, including banking and credit card credentials. Its primary distribution method is email (spam).

BKDR_KASIDET.FD Malware Specifications

The backdoor is associated with the Kasidet a.k.a. Neutrino bot, which is well known for its DDoS (distributed denial-of-service) attacks. According to multiple security reports, Kasidet was leaked on an underground forum in July 2015. The latest version, 3.6, had a brand new feature, 'ccsearch', which is used to scrape payment card details from PoS systems.


BKDR_KASIDET.FD Attack Summary

As already mentioned, the backdoor is distributed as malicious attachments to mass-mailed email messages. BKDR_KASIDET.FD deletes itself after it is executed.

According to the report by Trend Micro, the Kasidet backdoor is capable of:

  • Connecting to a specific URL to send and receive commands from a remote server.
  • Executing malicious commands on the infected system.
  • Stealing information from the system.
  • Hooking Windows APIs in specific browsers and clients.

Once the backdoor is installed, it adds the following folder:

%Application Data%\Y1FeZFVYXllb

Then the malware drops the following copy of itself:

%Application Data%\Y1FeZFVYXllb\{random filename}.exe

Finally, a mutex is also created to ensure that only one copy runs at any time:

Y1FeZFVYXllb

BKDR_KASIDET.FD Backdoor Activities

The following activities can be initiated remotely by the attacker:

  • Downloading and executing multiple malicious files and processes.
  • Updating itself.
  • Uninstalling itself.
  • Finding files.
  • Opening a remote shell.
  • Performing a DDoS attack.

The backdoor is reported to connect to two URLs (currently blocked) to receive commands and information from a remote location:

http://{BLOCKED}y.su/mu/tasks.php
http://{BLOCKED}p.su/mu/tasks.php
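The folder, dropped copy, mutex and command-and-control URLs listed above are the host and network artefacts a responder would sweep for. The script below is an added example written for this page, not Trend Micro's or SensorsTechForum's tooling: it matches the indicators from this article against a constructed file listing, a constructed mutex list and constructed proxy log lines. Since the page redacts the C2 hostnames, the URL pattern keys on what is visible (a host under .su with the path /mu/tasks.php); that choice, the proxy log format and all sample values are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Host artefacts named on this page
KASIDET_DIR_NAME = "Y1FeZFVYXllb"   # folder created under %Application Data%
KASIDET_MUTEX = "Y1FeZFVYXllb"      # single-instance mutex; same string as the folder

# The page redacts the C2 hostnames ("{BLOCKED}y.su", "{BLOCKED}p.su"), so this
# pattern is an assumption keyed on the visible parts: any .su host, path /mu/tasks.php.
C2_URL_RE = re.compile(r"^https?://[^/\s]+\.su/mu/tasks\.php(?:\?.*)?$", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    kind: str    # "folder", "dropped_exe", "mutex" or "c2_url"
    value: str   # the matched artefact
    source: str  # where it was seen (path, mutex list or log line)


def match_file_paths(paths: Iterable[str]) -> List[Hit]:
    """Flag the Kasidet folder and any .exe dropped directly inside it.
    Windows paths are case-insensitive, so the comparison is casefolded."""
    hits = []
    target = KASIDET_DIR_NAME.casefold()
    for path in paths:
        parts = [p for p in path.replace("/", "\\").split("\\") if p]
        if not parts:
            continue
        lowered = [p.casefold() for p in parts]
        if lowered[-1] == target:
            hits.append(Hit("folder", path, path))
        elif len(parts) >= 2 and lowered[-2] == target and lowered[-1].endswith(".exe"):
            hits.append(Hit("dropped_exe", parts[-1], path))
    return hits


def match_mutexes(mutex_names: Iterable[str]) -> List[Hit]:
    """Flag the mutex named on the page. Mutex names are case-sensitive, so exact match only."""
    return [Hit("mutex", m, "mutex list") for m in mutex_names if m == KASIDET_MUTEX]


def match_proxy_log(lines: Iterable[str]) -> List[Hit]:
    """Flag C2 check-ins in whitespace-separated proxy log lines.
    Assumed (constructed) format: timestamp client method url status."""
    hits = []
    for line in lines:
        for token in line.split():
            if C2_URL_RE.match(token):
                hits.append(Hit("c2_url", token, line))
    return hits


# Constructed sample data for the demonstration; not taken from a real incident.
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\Y1FeZFVYXllb",
    r"C:\Users\alice\AppData\Roaming\Y1FeZFVYXllb\qx83ml.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu",
    r"C:\Users\alice\AppData\Roaming\Y1FeZFVYXllb\notes.txt",
]
SAMPLE_MUTEXES = ["Local\\ZonesCounterMutex", "Y1FeZFVYXllb", "y1fezfvyxllb"]
SAMPLE_PROXY_LOG = [
    "2016-02-10T10:01:22Z 10.0.0.12 GET http://example-redacted-y.su/mu/tasks.php 200",
    "2016-02-10T10:01:25Z 10.0.0.12 GET http://www.example.com/index.html 200",
    "2016-02-10T10:02:01Z 10.0.0.12 POST http://example-redacted-p.su/mu/tasks.php?id=1 200",
    "2016-02-10T10:02:07Z 10.0.0.12 GET http://example.su/mu/other.php 404",
]


def triage(paths=SAMPLE_PATHS, mutexes=SAMPLE_MUTEXES, proxy_log=SAMPLE_PROXY_LOG) -> List[Hit]:
    """Run all three matchers and return the combined hit list."""
    return match_file_paths(paths) + match_mutexes(mutexes) + match_proxy_log(proxy_log)


if __name__ == "__main__":
    for hit in triage():
        print(f"{hit.kind:12} {hit.value}")
```

On a real host the path list would come from a directory walk of each user's %Application Data%, the mutex list from a handle enumeration tool, and the log lines from the web proxy; the matchers do not change. Note that the lowercase mutex variant in the sample is deliberately not flagged, because Windows mutex names, unlike file paths, are case-sensitive.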

Types of Stolen Information

According to security researchers at Trend Micro, the backdoor aims at the following data:

  • ComputerName
  • OS version
  • Machine GUID

WARNING

The BKDR_KASIDET.FD backdoor is associated with WORM_KASIDET.SC, which is known to infect PoS systems and steal money by obtaining credit card information that is sent to a command-and-control server. Apart from stealing money and performing distributed denial-of-service attacks, the worm is reported to log keystrokes, copy clipboard data, capture screenshots, and infect removable drives and network folders.

BKDR_KASIDET.FD Removal Options

A malicious threat of this kind should be removed automatically by powerful anti-virus software that runs in real time, and automated removal is highly recommended. Because of its backdoor capabilities and its association with a worm of the same family, manual removal is not considered safe. However, we have compiled several steps that apply to Trojan horses. Find them below the article.

Step 1: Start Your PC in Safe Mode to Remove BKDR_KASIDET.FD.

Removing BKDR_KASIDET.FD from Windows XP, Vista and 7 systems:

1. Remove all CDs and DVDs, and then restart the PC from the "Start" menu.
2. Select one of the two options below:

For PCs with a single operating system: Press "F8" repeatedly after the first boot screen appears while your computer restarts. If the Windows logo appears on the screen, you have to repeat the same task again.

For PCs with multiple operating systems: The arrow keys will help you select the operating system you prefer to start in Safe Mode. Press "F8" just as described for a single operating system.

3. When "Advanced Boot Options" appears, select the Safe Mode option you want using the arrow keys. Once you have made your choice, press "Enter".

4. Log on to the computer using your administrator account.

While the computer is in Safe Mode, the words "Safe Mode" appear in all four corners of the screen.

Removing BKDR_KASIDET.FD from Windows 8, 8.1 and 10 systems:

Substep 1:

Open the Start Menu.

Substep 2:

While holding the Shift key, click Power and then click Restart.

Substep 3:

After the restart, a menu appears. From there, select Troubleshoot.

Substep 4:

You will see the Troubleshoot menu. From this menu, select Advanced options.

Substep 5:

After the Advanced options menu appears, click Startup Settings.

Substep 6:

Click Restart.

Substep 7:

A menu appears on restart. Select Safe Mode by pressing its corresponding number; the machine restarts and boots into Safe Mode so you can scan for and remove BKDR_KASIDET.FD.

Step 2: Remove BKDR_KASIDET.FD automatically by downloading an advanced anti-malware program.

To clean your computer, you should download an up-to-date anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that, boot into Safe Mode and scan your computer to remove all BKDR_KASIDET.FD-associated objects.

NOTE! Important notification about the BKDR_KASIDET.FD threat: Manual removal of BKDR_KASIDET.FD requires strong PC security knowledge. Even if your computer skills are not at a professional level, do not despair. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
