Malware type: Backdoor

Aliases: Backdoor.Win32.Haxdoor.lf (Kaspersky), Backdoor.Haxdoor (Symantec), DR/Haxdoor.LF (Avira), Troj/Haxdoor-DG (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview

This backdoor arrives on a system either downloaded from the Internet or dropped by other malware.

When executed, it drops several files in the Windows system folder. It creates certain registry keys and entries to enable this backdoor to execute even when the affected system is running in safe mode.

It uses rootkit technology to hide its files and processes, making detection more difficult.

This backdoor opens a random port and allows a remote malicious user to perform several commands on the affected system. This routine compromises system security and opens the affected machine to further attacks.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 10, 2006 3:53:17 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.