Threat description



Bionet is a backdoor - hacker's remote access tool. It's not so advanced as Sub7 or BackOrifice or Netbus backdoors. It consists of server and client parts. The server part is usually hiddenly installed on a victim's computer and it can be controlled by a client part from another (hacker's) computer when both systems are on Internet.


Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

A victim usually gets infected with a server part by clicking on infected attachments that is sent to him by his on-line 'friends'. The server part when run gets installed as LIBUPDATE.EXE file into \Windows\ folder. It modifies Windows registry to be run during all windows sessions. Also the keylogging DLL named BNHOOK.DLL is dropped into the same folder.

The server part allows a hacker to perform the following actions on a remote system:

Open/close CD-Rom drive tray  Capture screen of remote system  Shutdown Window, reboot, power down a system  Send messages to remote system and get replies  Open file manager and execute, upload, download and delete files on remote system  Show/hide Start button  Set and trace position of mouse cursor on remote system  Terminate certain applications  Direct remote system webbrowser to any webpage  Get server version info and remove it from a remote system  Log all the events  

To perform disinfection it is enough to delete the server part of this backdoor from a system. It's better to do it from pure DOS.

Submit a Sample

Suspect a file or URL was wrongly detected?
Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info