Insurrection (trojan horse)
From Wikipedia, the free encyclopedia
Insurrection (Trojan Horse) is a remote administration tool or remote administration trojan (RAT) as well as a backdoor program that allows an intruder to secretly and remotely access a person's computer using a client program installed on the intruder's PC and a server program secretly installed on the victim's PC. Using the trojan, the intruder is able to control aspects of the victim's PC, including disabling antivirus and firewall software, browsing the victim's files, uploading and downloading files, and logging keystrokes, among other unwanted activities.
Author
RaGe
Aliases
Backdoor.Win32.Delf.gw (Kaspersky Lab), Backdoor.Delf.gw (Kaspersky Lab), BackDoor-FS (McAfee), Backdoor.Trojan (Symantec), BackDoor.Insurrect.10 (Doctor Web), Backdoor:Win32/Delf.GW (RAV), BKDR_DELF.HU (Trend Micro), BDC/Delf.GW.Cli (H+BEDV), Win32:Trojan-gen. (ALWIL), BackDoor.Delf.ER (Grisoft), Backdoor.Delf.GW (SOFTWIN), Bck/Insurect.B (Panda), Win32/Delf.GW (Eset).
Infection
Insurrection is distributed in the same way as many trojans, through e-mail messages convincing the user to run an attached infected file or through malicious Web sites disguising the trojan as a useful tool.
Payload
Remote Access Tool
Backdoor
Antivirus Killer
Firewall Killer
Keylogger
Client Notifier
Removal
Insurrection is detected and removed by most common antivirus or antispyware tools.
To manually remove the trojan:
Kill the following processes:
insurrection.exe, serverside.exe, hhsetup.exe
Remove the following files:
about.mp3, icon hacking.txt, insurrection.exe, notifications.txt, readme.txt, serverside.exe. hhsetup.exe in Windows\system\