Expert Virus Removal Services and Technical advice.

We are Providing Computer users with Expert Virus Removal Services and Technical Advice.

Threats and their Removal.

Do you need a quick solution to a technical problem? With our live remote-assistance tool, a member of our support team can view your desktop and share control of your mouse and keyboard to get you on your way to a solution.

Spywares and their Removal.

Are you worried that your computer might be nfected with Spywares? Then this is were you can find Support.

Advices for Protecting the Computer.

Expert Advices for Protecting your computer from attacks from all threats

Different Anti Virus Software and Tools.

Familiarizing different Anti Virus Software and removal Tools.

January 26, 2011

Famous Hacking tools

Hacking tools are designed or programmed to scan other computers, networks, IP Addresses for vulnerabilities, passwords or any other required data.

Backdoor BREPLIBOT.C


This memory-resident backdoor arrives on a system as an attachment in spammed email messages. It may also arrive as a dropped or downloaded file from a remote malicious user. Upon execution, this backdoor drops a copy of itself in the Windows system folder.This backdoor uses Digital Rights Management (DRM) Software, which is a form of rootkit technology, in an attempt to hide malware-related files, folders, and processes.

Hacking Tool


Rootkits are used to hide system information, such as running processes, files, or registry entries. This technology is used in creating a tools that helps in hacking other machines. First 4 Internet Ltd has developed a tool that is a valid Digital Rights Management Software package. As a standalone application, it is non-malicious but some of the malicious application use it to hide their infiltrated files and auto start registry entries thus making the detection more difficult.

This rootkit is  installed in :C:" that is system folder and in windows sub-folder using a file name ARIES.SYS. The said rootkit is then executed as a service by an installation package and is configured to execute at every system startup by creating the following registry entries
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$aries 
This hides files folders and registry keys the begin with the string $sys$ in the Windows operating system. This prevents the user from viewing any files, folders and registry keys that begin with the said string.


There are two malware that will utilize this tool BKDR_BREPLIBOT.C , BKDR_BREPLIBOT.D. 

Removal: 
Take a back up of registry before you edit any thing in registry for this tool. Disable System Restore.
  1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
  2. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
  3. Still in the left panel, locate and delete the subkey:
    $sys$aries
  4. Close Registry Editor.
Scan your computer in safe mode with a good anti-virus like Trend Micro, Symantec to remove the files that are installed by malware that uses this tool and also this tool. Even online scanners like Housecall, Rootkit revealer, avast online scanner etc will detect this tool and will remove it.

Related Posts Plugin for WordPress, Blogger...

Search This Blog

Followers

Categories

Twitter Delicious Facebook Digg Stumbleupon Favorites More