
Backdoor:Win32/Farfli.AV


Microsoft security software detects and removes this threat.

This trojan gives an attacker access to your computer. They can steal your sensitive information and download other malware.



What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:

The malware may steal your information by recording your usernames and passwords. You should change your passwords after this threat is removed. The following page has tips on how to create and use strong passwords:

Threat behavior

Installation

The trojan adds itself to the start menu to make sure it loads each time Windows starts. It copies itself as <start menu>\Programs\Startup\killmdx.

Payload

Connects to a remote server

Backdoor:Win32/Farfli.AV tries to connect to a remote server to receive commands.

We have seen it contact hackxiaoben.3322.org.

Allows backdoor access and control

This trojan gives an attacker access and control of your computer, including, but not limited to, the following actions:

  • Downloading and running files, including malware
  • Uploading files
  • Spreading to other computers
  • Logging keystrokes or stealing sensitive information
  • Modifying system settings
  • Running or stopping applications
  • Deleting files

Analysis by Daniel Radu


Symptoms

System changes

The following system changes may indicate the presence of this malware:

  • The presence of the following files:

    <start menu>\Programs\Startup\killmdx
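As an added defender-side example that is not part of this entry or of any Microsoft tooling, the following Python script checks the two observable indicators the entry gives: a file named killmdx in a Windows Startup folder, and DNS queries for hackxiaoben.3322.org in a resolver log. The Startup folder paths under APPDATA and ProgramData and the DNS log line format are assumptions; the sample log lines are constructed, and the demo builds a throwaway Startup folder so the script runs offline on any platform.

```python
import os
import re
import tempfile

# Indicators taken from this entry: the dropped file name and the contacted host.
DROPPED_FILE_NAME = "killmdx"
C2_HOST = "hackxiaoben.3322.org"


def default_startup_dirs():
    """Per-user and all-users Startup folders on a standard Windows install.

    These paths are an assumption about the default shell folder layout, not
    something the entry states; on non-Windows hosts the list is empty.
    """
    tail = os.path.join("Microsoft", "Windows", "Start Menu", "Programs", "Startup")
    dirs = []
    for var in ("APPDATA", "ProgramData"):
        base = os.environ.get(var)
        if base:
            dirs.append(os.path.join(base, tail))
    return dirs


def find_startup_indicator(startup_dirs):
    """Return paths in the given Startup folders whose base name is killmdx.

    The entry gives the name without an extension, so the comparison is on the
    stem and is case-insensitive (Windows file names are).
    """
    hits = []
    for folder in startup_dirs:
        if not os.path.isdir(folder):
            continue
        for name in sorted(os.listdir(folder)):
            stem = name.split(".", 1)[0].lower()
            if stem == DROPPED_FILE_NAME:
                hits.append(os.path.join(folder, name))
    return hits


# Assumed resolver log format (constructed for this example):
# "<date> <time> <client-ip> query <qname>"
DNS_LINE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+query\s+(?P<qname>\S+)$"
)


def find_c2_lookups(log_lines):
    """Return (timestamp, client_ip) for queries to the C2 host or a subdomain of it."""
    hits = []
    for line in log_lines:
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        qname = m.group("qname").rstrip(".").lower()
        if qname == C2_HOST or qname.endswith("." + C2_HOST):
            hits.append((m.group("ts"), m.group("client")))
    return hits


# Constructed sample log: two lookups of the C2 host (one with a trailing dot,
# one upper-cased from a second client), a look-alike name that must not
# match, benign noise, and a malformed line the parser should skip.
SAMPLE_DNS_LOG = [
    "2013-04-19 08:01:12 10.0.0.15 query www.microsoft.com",
    "2013-04-19 08:01:30 10.0.0.15 query hackxiaoben.3322.org.",
    "2013-04-19 08:02:05 10.0.0.22 query nothackxiaoben.3322.org",
    "2013-04-19 08:02:44 10.0.0.22 query HACKXIAOBEN.3322.ORG",
    "malformed line that the parser should skip",
]


def run_demo():
    """Build a throwaway Startup folder holding the dropped file plus benign
    entries, scan it, then scan the sample DNS log. Returns both hit lists."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = os.path.join(tmp, "Startup")
        os.makedirs(startup)
        for name in (DROPPED_FILE_NAME, "OneNote.lnk", "desktop.ini"):
            open(os.path.join(startup, name), "w").close()
        file_hits = [os.path.basename(p) for p in find_startup_indicator([startup])]
    dns_hits = find_c2_lookups(SAMPLE_DNS_LOG)
    return file_hits, dns_hits


if __name__ == "__main__":
    files, lookups = run_demo()
    print("startup indicator:", files)
    print("C2 lookups:", lookups)
    # On a real Windows host, pass default_startup_dirs() to find_startup_indicator().
```

A file match alone is only an indicator, not proof of infection; confirm with a scan as described under "What to do now". The DNS check matches the host and any subdomain of it but deliberately rejects look-alike names that merely end in the same characters.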

Prevention


Alert level: Severe
First detected by definition: 1.149.188.0
Latest detected by definition: 1.149.188.0 and higher
First detected on: Apr 19, 2013
This entry was first published on: Apr 19, 2013
This entry was updated on: Jul 29, 2013

This threat is also detected as:
No known aliases