Remove BKDR_KASIDET.FD a.k.a. Backdoor.Neutrino - How to, Technology and PC Security Forum |

Remove BKDR_KASIDET.FD a.k.a. Backdoor.Neutrino

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

TypeTrojan, Backdoor
Short DescriptionThe backdoor is aimed at stealing information from the infected PC.
SymptomsFolders, values, and mutexed are added to the system.
Distribution MethodSpam emails (attachments)
Detection toolDownload Malware Removal Tool, to See If Your System Has Been Affected By BKDR_KASIDET.FD

BKDR_KASIDET.FD is a malicious Trojan horse with backdoor capabilities that has been detected recently in the wild. Other aliases of the threat are Win32/Kasidet.AD (ESET-NOD32), Backdoor.Neutrino (Malwarebytes), and Trojan:Win32/Lezo.A (Microsoft). Once the Kasider Trojan has sneaked in the system, various types of information are endangered, including banking and credit card credentials. Its primary distribution method is via email (spam)

BKDR_KASIDET.FD Malware Specifications

The backdoor is associated with the Kasidet a.k.a. Neutrino bot which is well-known for its DDoS (distributed denial-of-service) attacks. According to multiple security reports, Kasidet has been leaked in an underground forum in July, 2015. The latest 3.6 version had a brand new feature – ‘ccsearch’. Ccsearch is used to scrap payment card details from PoS systems.



As already specified, the backdoor is distributed via corrupted email attachments to mass-mailed email messages. BKDR_KASIDET.FD will delete itself after it is executed.

According to the report by TrendMicro, the Kasidet backdoor is capable of:

  • Connecting to a specific URL to send and receive commands from a remote server.
  • Executing malicious commands on the infected system.
  • Stealing information from the system.
  • Hooking Windows API to defined browsers and clients.

Once the backdoor is installed, it will add the following folder:

→%Application Data%\Y1FeZFVYXllb

Then, the malicious piece will drop the following copy of itself:

→%Application Data%\Y1FeZFVYXllb\{random filename}.exe

Finally, a mutex is also added to make sure that only one of the copies runs every single time:


BKDR_KASIDET.FD Backdoor Activities

There is a list of activities that will be initiated remotely by the hacker:

  • Downloading and executing multiple malicious files and processes.
  • Updating itself.
  • Uninstalling itself.
  • Finding files.
  • Performing Remote Shell.
  • Performing a DDoS attack.

The backdoor is reported to connect to two URLs (currently blocked) to receive commands and information from a remote location:


Types of Stolen Information

According to security researchers at TrendMicro, the backdoor aims at the following data:

  • ComputerName
  • OS Version
  • Machine GUID


The BKDR_KASIDET.FD backdoor is associated with the WORM_KASIDET.SC which is known to affect PoS systems and steal money by obtaining credit card information over a command-and-control server. Apart from stealing money and performing distributed denial-of-service attacks, the worm is reported to log keystrokes, copy clipboard data, capture screenshots, and infect removable drives and network folders.

BKDR_KASIDET.FD Removal Options

Malicious threat should be removed automatically via powerful anti-virus software that runs in real time. It is highly recommended to apply automated removal. Because of its backdoor capabilities and the association with a worm of the same family, manual removal is not considered safe. However, we have compiled several steps that apply to Trojan horses. Find them below the article.

Step 1: Start Your PC in Safe Mode to Remove BKDR_KASIDET.FD.

Removing BKDR_KASIDET.FD from Windows XP, Vista, 7 systems:

1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:

For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.


For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.


3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.

4. Log on to your computer using your administrator account

While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

Removing BKDR_KASIDET.FD from Windows 8, 8.1 and 10 systems:

Substep 1:

Open the Start Menu
Windows-10-0 (1)

Substep 2:

Whilst holding down Shift button, click on Power and then click on Restart.

Substep 3:

After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.

Substep 4:

You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
Windows-10-2 (1)

Substep 5:

After the Advanced Options menu appears, click on Startup Settings.
Windows-10-3 (1)

Substep 6:

Click on Restart.
Windows-10-5 (1)

Substep 7:

A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart and boot into Safe Mode so you can scan for and remove BKDR_KASIDET.FD.

Step 2: Remove BKDR_KASIDET.FD automatically by downloading an advanced anti-malware program.

To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all BKDR_KASIDET.FD associated objects.

NOTE! Substantial notification about the BKDR_KASIDET.FD threat: Manual removal of BKDR_KASIDET.FD requires strong PC security knowledge. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share