Insurrection (trojan horse)

From Wikipedia, the free encyclopedia

Insurrection (Trojan Horse) is a remote administration tool or remote administration trojan (RAT), as well as a backdoor program, that allows an intruder to secretly and remotely access a person's computer using a client program installed on the intruder's PC and a server program secretly installed on the victim's PC. Using the trojan, the intruder is able to control aspects of the victim's PC, including disabling antivirus and firewall software, browsing the victim's files, uploading and downloading files, and logging keystrokes, among other unwanted activities.

Author

RaGe

Aliases

Backdoor.Win32.Delf.gw (Kaspersky Lab), Backdoor.Delf.gw (Kaspersky Lab), BackDoor-FS (McAfee), Backdoor.Trojan (Symantec), BackDoor.Insurrect.10 (Doctor Web), Backdoor:Win32/Delf.GW (RAV), BKDR_DELF.HU (Trend Micro), BDC/Delf.GW.Cli (H+BEDV), Win32:Trojan-gen. (ALWIL), BackDoor.Delf.ER (Grisoft), Backdoor.Delf.GW (SOFTWIN), Bck/Insurect.B (Panda), Win32/Delf.GW (Eset).

Infection

Insurrection is distributed in the same way as many trojans, through e-mail messages convincing the user to run an attached infected file or through malicious Web sites disguising the trojan as a useful tool.

Payload

  • Remote Access Tool
  • Backdoor
  • Antivirus Killer
  • Firewall Killer
  • Keylogger
  • Client Notifier

Removal

Insurrection is detected and removed by most common antivirus or antispyware tools.

To manually remove the trojan:

Kill the following processes:

insurrection.exe, serverside.exe, hhsetup.exe

Remove the following files:

about.mp3, icon hacking.txt, insurrection.exe, notifications.txt, readme.txt, serverside.exe; hhsetup.exe in Windows\system\
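The following read-only triage check is an added example, not part of the original article or any vendor's tool. It looks for the process and file names listed above. As an assumption of this example, generic names such as readme.txt and about.mp3 are reported only when they sit in the same folder as one of the listed executables, since those names also occur on clean systems; the sample folder tree is constructed for the demonstration.

```python
import os
import tempfile

# Executable names from the removal steps above (also the process names to look for).
EXECUTABLES = {"insurrection.exe", "serverside.exe", "hhsetup.exe"}
# Assumption of this example: these generic names count only beside an executable hit.
COMPANIONS = {"about.mp3", "icon hacking.txt", "notifications.txt", "readme.txt"}


def match_processes(process_names):
    """Return the supplied process names that match a listed executable (case-insensitive)."""
    return sorted({n for n in process_names if n.lower() in EXECUTABLES})


def scan_tree(root):
    """Map directory -> indicator files found there. Read-only: nothing is deleted."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        lowered = {f.lower(): f for f in files}
        exe_hits = [lowered[n] for n in lowered if n in EXECUTABLES]
        if not exe_hits:
            continue  # companion names alone are too generic to report
        companion_hits = [lowered[n] for n in lowered if n in COMPANIONS]
        findings[dirpath] = sorted(exe_hits + companion_hits)
    return findings


def build_sample_tree(root):
    """Constructed sample layout: one clean folder and two folders with indicators."""
    layout = {
        "clean_app": ["readme.txt", "about.mp3"],
        "dropped": ["Insurrection.exe", "serverside.exe", "readme.txt", "notes.txt"],
        os.path.join("Windows", "system"): ["hhsetup.exe", "kernel.dll"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, names in scan_tree(tmp).items():
            print(os.path.relpath(directory, tmp), names)
    print(match_processes(["explorer.exe", "ServerSide.exe"]))
```

A name match is only a lead for review: confirm a flagged file with an antivirus scan before removing it.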
