
Bionet


Aliases:


Bionet
Backdoor.Bionet

Malware
Backdoor
W32

Summary

Bionet is a backdoor: a hacker's remote access tool. It is not as advanced as the Sub7, BackOrifice or Netbus backdoors. It consists of a server part and a client part. The server part is usually installed covertly on a victim's computer and can be controlled by the client part from another (the hacker's) computer when both systems are on the Internet.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

A victim usually gets infected with the server part by clicking on infected attachments that are sent to him by his on-line 'friends'. When run, the server part installs itself as the file LIBUPDATE.EXE in the \Windows\ folder. It modifies the Windows registry so that it is run during all Windows sessions. A keylogging DLL named BNHOOK.DLL is also dropped into the same folder.

The server part allows a hacker to perform the following actions on a remote system:

 Open/close the CD-ROM drive tray
 Capture the screen of the remote system
 Shut down Windows, reboot or power down a system
 Send messages to the remote system and get replies
 Open a file manager and execute, upload, download and delete files on the remote system
 Show/hide the Start button
 Set and trace the position of the mouse cursor on the remote system
 Terminate certain applications
 Direct the remote system's web browser to any webpage
 Get server version info and remove the server from a remote system
 Log all the events

To disinfect a system, it is enough to delete the server part of this backdoor. It is better to do this from pure DOS.
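The artifacts named above (LIBUPDATE.EXE and BNHOOK.DLL in the \Windows\ folder, plus a registry entry that starts the server) can be checked offline against a mounted disk image and a regedit export. The following is an added example, not F-Secure code; the sample export, its registry key and its value name are constructed assumptions, since the description does not say which key is modified.

```python
import os
import re

# File names from the description above; both are dropped into \Windows\.
ARTIFACTS = ("LIBUPDATE.EXE", "BNHOOK.DLL")

# Matches one value line of a regedit export: "name"=data or @=data.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def find_dropped_files(windows_dir):
    """Return the artifact names present in windows_dir, ignoring case."""
    present = {name.upper() for name in os.listdir(windows_dir)}
    return [a for a in ARTIFACTS if a in present]

def find_autorun_refs(reg_export_text):
    """Return (key, value name, data) for each value that references LIBUPDATE.EXE.

    The description does not name the registry key that is modified, so every
    key in the export is inspected rather than a fixed autorun location.
    """
    hits, key = [], None
    for raw in reg_export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if m and key and ARTIFACTS[0] in m.group(2).upper():
            data = m.group(2).strip('"').replace("\\\\", "\\")
            hits.append((key, m.group(1).strip('"'), data))
    return hits

# Constructed sample export (not from the page): key and value name are assumptions.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ExampleValue"="C:\\WINDOWS\\LIBUPDATE.EXE"
'''

if __name__ == "__main__":
    for key, name, data in find_autorun_refs(SAMPLE_REG):
        print(f"autorun reference: [{key}] {name} -> {data}")
```

Only string values are matched; hex-encoded value data in an export would need decoding before the comparison.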





Technical Details: Alexey Podrezov; F-Secure Corp.; June 2001


