Trojan/Backdoor/RAT/BeastDoor.200.a

Alias: Beast 2.00, Win32/Beastdoor.200.G trojan, Win32.Ulysses.200.A, Backdoor.BeastDoor.200.b, security risk or a "backdoor" program

Description: This RAT program was created for spying on MSN users. No real harm can be done by it, but the victim's personal information is fully exposed to the hacker. The source code is included, so anyone who knows Delphi programming language can reprogram this virus to fit his personal needs. The tool uses "trojan" abilities to sneak in to victim's system. As well as a "backdoor" function, allowing the intruder to connect and steal vital data. The author of this program is ZhorTroX, but like I said, anyone who knows Delphi can reprogram it and make some modifications. This version originated in March 2004. It has an interesting ability – the hacker can reconfiguge the server before infecting his victim with it.

Threat type:

Backdoor - A Backdoor is an undocumented or secret means that can be used to obtain unauthorized access to your computer, or a malicious program that uses such a means to penetrate a computer system. Backdoor applications exploit vulnerabilities of installed programs or operating system and allow attackers to gain control over your computer system. Backdoor works in the background and hides from the user. It is always a high security risk.

RAT - Remote Administration Tool (RAT) is a software application which provides an attacker with the capability to control your computer system remotely whenever you are online. The attacker can perform operations such as programs and/or files adding/deleting, files transfers, capturing screenshot, etc. Attacker may use captured computer for different personal needs such as to send malicious attacks.

Trojan - A Trojans or Trojan Horse is any programs that installs itself secretly, quite often with sinister intent. Once installed, the trojan author (hacker) can gain complete control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system. Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs.

Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer or your privacy.

Detection:
SpyNoMore detects Trojan/Backdoor/RAT/BeastDoor.200.a: Yes

Threat risk: High Risk

Very dangerous malware. Can log user's keyboard activity and take snapshots of the user's screen. Uses stealth installation and removal is very difficult. Category includes spyware programs, adware programs and trojans.

Symptoms:

Trojan/Backdoor/RAT/BeastDoor.200.a Signature Details: The following information includes some of the standard signatures associated with this spyware threat. Please do not attempt to manually remove these items from your computer; Removing these items incorrectly or partially can cause your computer to experience critical errors, prevent your computer from restarting or cause loss of Internet connectivity. Should you be infected with Trojan/Backdoor/RAT/BeastDoor.200.a, you can clean your computer by downloading SpyNoMore now.

Running Process Signatures:
N/A

File Signatures:
%WINDOWS%\system\kd.txs
%WINDOWS%\command\msndxp.com
%WINDOWS%\dxdgns.dll
%WINDOWS%\system\msbxbs.com
%WINDOWS%\system\msbwdr.com
%WINDOWS%\command\msisai.com
%WINDOWS%\command\msqlxh.com
%WINDOWS%\system\msbeku.com

Registered Dll (Dynamic Link Library) Signatures:
N/A

Folder Signatures:
N/A

Registry Signatures:
HKCR\beastfile1
HKCR\.bad
HKCR\beastfile

SpyNoMore Collected Residual File Signatures:
N/A

See Also:
Tracking Cookie/CGI-Bin
Tracking Cookie/Comclick.com
Key Logger/Logol2 1.06
Key Logger/PC Eyes 1.12
Trojan/Exploit/HideExec
Trojan/Hacker Tool/Eesdns
Backdoor/RAT/Optix.Pro.13-1
Hacker Tool/Aaron's WebVacuum
Hacker Tool/Access Diver
Adware/AceNotes Free