Classification

Category: Other

Type: -

Aliases: Bionet, Backdoor.Bionet

Summary


Bionet is a backdoor - hacker's remote access tool. It's not so advanced as Sub7 or BackOrifice or Netbus backdoors. It consists of server and client parts. The server part is usually hiddenly installed on a victim's computer and it can be controlled by a client part from another (hacker's) computer when both systems are on Internet.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


A victim usually gets infected with a server part by clicking on infected attachments that is sent to him by his on-line 'friends'. The server part when run gets installed as LIBUPDATE.EXE file into \Windows\ folder. It modifies Windows registry to be run during all windows sessions. Also the keylogging DLL named BNHOOK.DLL is dropped into the same folder.

The server part allows a hacker to perform the following actions on a remote system:

Open/close CD-Rom drive tray
Capture screen of remote system
Shutdown Window, reboot, power down a system
Send messages to remote system and get replies
Open file manager and execute, upload, download and delete files on remote system
Show/hide Start button
Set and trace position of mouse cursor on remote system
Terminate certain applications
Direct remote system webbrowser to any webpage
Get server version info and remove it from a remote system
Log all the events

To perform disinfection it is enough to delete the server part of this backdoor from a system. It's better to do it from pure DOS.