Threat Description

Backdoor:W32/Ghost.gen!A

Details

Aliases: Backdoor:W32/Ghost.gen!A, Trojan.Win32.Dialer
Category: Malware
Type: Backdoor
Platform: W32

Summary



A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Backdoor:W32/Ghost.gen!A is the Generic Detection for the Ghost backdoor program. Ghost originates from China.

Activity

The Server component of this program has the following settings:

  • Port
  • Max connections
  • DNS/IP
  • Connect through Socks5
  • Use Proxy
  • Username/Password support
  • Service name/Descriptor name that appears on the victim's machine

When using Ghost, a remote attacker can execute the following actions on an infected machine:

  • Perform various file operations
  • Perform screen captures
  • Perform keylogging
  • Execute a Remote Shell
  • Manage processes (Process Manager)
  • Uninstall the backdoor from the machine
  • View the webcam
  • Perform audio captures
  • Download/execute files
  • Update the server
  • Open URLs




