Windows 2000, Windows XP, Windows Server 2003
This backdoor is executed at every system startup. It in turn executes a file detected as BKDR_REDSIP.B, so the malicious routines of that backdoor are also exhibited on the infected system.
This backdoor may arrive bundled with malware packages as a malware component. It may be dropped by other malware.
06 Jan 2011
It is dropped by BKDR_REDSIP.B into the system as %System%\Startup.dll.
This .DLL is loaded at every system startup by the service CryptHost, which BKDR_REDSIP.B creates with the following values (Start = 2 makes the service start automatically, and ObjectName = LocalSystem runs it with SYSTEM privileges):
Type = 10
Start = 2
ErrorControl = 1
ImagePath = %System Root%\System32\svchost.exe -k CryptHost
ObjectName = LocalSystem
ServiceDll = %System%\Startup.dll
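The service values above are a standard svchost.exe persistence pattern: a DLL is registered as the ServiceDll of an auto-start service and loaded by svchost.exe under a service group name. The hunting script below is an added example, not part of the Trend Micro write-up, and only the service name CryptHost and the path %System%\Startup.dll come from the advisory. It assumes PowerShell 2.0 or later and the standard Windows registry locations: svchost groups are registered as REG_MULTI_SZ values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, and svchost.exe reads ServiceDll from the service's Parameters subkey (the write-up lists it on the service key itself, so both are checked). It flags svchost-hosted services whose "-k" group is not registered (CryptHost is not a standard group), whose ServiceDll lives outside System32, or whose DLL is missing or not validly signed.

```powershell
# Added hunting script (not from the original advisory): list svchost-hosted services
# that look like the CryptHost persistence described above. Only "CryptHost" and
# "%System%\Startup.dll" come from the write-up; the key paths are the standard
# Windows locations and the checks are generic.

function Get-SuspiciousSvchostService {
    param(
        # Overridable so a loaded offline SYSTEM hive (e.g. HKLM:\OffSys\ControlSet001\Services) can be scanned
        [string]$ServicesKey      = 'HKLM:\SYSTEM\CurrentControlSet\Services',
        [string]$SvchostGroupsKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    )

    # Every legitimate "-k <group>" is registered as a REG_MULTI_SZ value under the Svchost key
    $knownGroups = @()
    if (Test-Path $SvchostGroupsKey) { $knownGroups = (Get-Item $SvchostGroupsKey).GetValueNames() }
    $system32 = Join-Path $env:SystemRoot 'System32'

    foreach ($svc in Get-ChildItem $ServicesKey -ErrorAction SilentlyContinue) {
        $imagePath = [string]$svc.GetValue('ImagePath')   # REG_EXPAND_SZ is expanded by GetValue
        # Only services hosted by svchost.exe are of interest: "...svchost.exe -k <group>"
        if ($imagePath -notmatch 'svchost\.exe\s+-k\s+(\S+)') { continue }
        $group = $Matches[1]

        # svchost reads ServiceDll from the Parameters subkey; the advisory lists it on the
        # service key itself, so look in both places.
        $serviceDll = $null
        $params = $svc.OpenSubKey('Parameters')
        if ($params) { $serviceDll = [string]$params.GetValue('ServiceDll'); $params.Close() }
        if (-not $serviceDll) { $serviceDll = [string]$svc.GetValue('ServiceDll') }

        $reasons = @()
        if ($knownGroups -notcontains $group) { $reasons += "svchost group '$group' is not registered" }
        if (-not $serviceDll) {
            $reasons += 'svchost-hosted service has no ServiceDll'
        } else {
            $dll = [Environment]::ExpandEnvironmentVariables($serviceDll)
            if ($dll -notlike "$system32\*") {
                $reasons += "ServiceDll outside System32: $dll"
            } elseif (-not (Test-Path $dll)) {
                $reasons += "ServiceDll missing on disk: $dll"
            } else {
                $sig = Get-AuthenticodeSignature -FilePath $dll
                if ($sig.Status -ne 'Valid') { $reasons += "ServiceDll signature $($sig.Status): $dll" }
            }
        }

        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Service    = $svc.PSChildName
                Group      = $group
                Start      = $svc.GetValue('Start')        # 2 = automatic start
                ObjectName = $svc.GetValue('ObjectName')   # LocalSystem = runs as SYSTEM
                ServiceDll = $serviceDll
                Reasons    = ($reasons -join '; ')
            }
        }
    }
}

Get-SuspiciousSvchostService | Format-Table Service, Group, Start, ObjectName, ServiceDll, Reasons -AutoSize
```

The unregistered-group check is the higher-fidelity signal on the platforms the write-up covers: on Windows XP and Server 2003 most system DLLs are catalog-signed, so Get-AuthenticodeSignature reports NotSigned for many legitimate ServiceDll entries and that check will produce noise there. Once a hit such as a CryptHost service pointing at Startup.dll is confirmed, stop and unregister it (sc.exe stop CryptHost, then sc.exe delete CryptHost) before deleting the DLL, otherwise svchost.exe will try to load it again at the next boot.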
11 Feb 2011
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Remove malware files dropped/downloaded by BKDR_REDSIP.C
Scan your computer with your Trend Micro product and note the files detected as BKDR_REDSIP.C.
Search for and delete each file detected as BKDR_REDSIP.C.
Search and delete this file