Security Info

  • Security Center
    • Virus
  • Security Dictionary
  • Security Service
  • Free Download!!

Threats DB


Typical Symptoms  
Discovered  [korea] 0000-00-00
 [Foreign] 0000-00-00
Type  Backdoor ActiveField  Win32
Origin  others Encryption  NO
Location  Macro Memory residence  NO
Scan engine needed
2011-8-25 [Able to detect & repair]
  • Free trial download

A.     Route of Infection

Backdoor.ASP.S.Ace.92570 does not spread out as itself, and it is downloaded from hacked site or other malicious codes such as Spy/Adware, Dropper, and etc.


B.     Symptom of Infection

1)  It is an ASP file, so it cannot be executed like normal file nor through web, either.


2)  Once it is executed, password request window comes out and runs after password inputting. 


[PIC 1] Password request page


3.)    The code is one of the WepShells, so pops up the following window and shows ASP server information. Also, it is available to download file or folder and to copy, delete, and move as itself.



[PIC 2] ASP server's file contents


4)  The code has Iframe function, so it can access to wherever it wants by inserting codes.



[PIC 3] Iframe insertion


5)  It is available to check ASP server's system version and information.



[PIC 4] ASP server's information


Removal Instructions

[How to repair]

Reparable by ViRobot engine ver.2011-08-25.02 or above.

Copyright 2008 @ HAURI Inc. All rights reserved. SiteMap