Backdoor.Simda is a backdoor Trojan first released on 18 May 2011. It was designed to give its developers access to the infected PC and to make it much easier for other types of malware to enter the system. Leading security tools classify this infection as a severe threat, and users are advised to remove Backdoor.Simda as soon as possible.
Because Backdoor.Simda enters the system surreptitiously and performs all of its actions in the background, there are no identifiable symptoms to watch for. The only indication of its presence will come from alerts generated by installed security software. This makes it much more difficult for users to identify and remove Backdoor.Simda from the system without some form of help.
Once Backdoor.Simda has established itself on the system, it executes and then checks whether it is running from the . If it is not running from this folder, Backdoor.Simda copies itself as \.exe/ It then modifies the following registry entry so that its copy is executed at Windows start:
In subkey: HKLM\Software\Microsoft\Windows NT\Currentversion\Winlogon
The Trojan also injects code into the svchost.exe process and deletes the original executable.
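Persistence through the Winlogon subkey is something a defender can audit offline. The following script is an added example, not code from the page or from the malware: it parses a constructed `reg export`-style dump of the Winlogon subkey and flags values that deviate from the Windows defaults or that reference user-writable directories such as `%TEMP%` or `AppData`. The default values for `Shell` and `Userinit`, the sample export, and the user name `alice` are assumptions made for the example; the page itself does not state which Winlogon value Backdoor.Simda modifies.

```python
"""Audit a Winlogon registry export for persistence entries that do not match
Windows defaults. Constructed example; the sample data is not real telemetry."""
import re
from typing import Dict, List

# Expected defaults for the Winlogon values most often abused for persistence.
# These defaults are an assumption of this example, not taken from the page.
EXPECTED: Dict[str, str] = {
    "Shell": "explorer.exe",
    "Userinit": "C:\\Windows\\system32\\userinit.exe,",
}

# Directory fragments (lower-cased) that a legitimate Winlogon value should
# never point into; %TEMP% is where the page says downloaded files land.
SUSPICIOUS_DIRS = ("%temp%", "\\temp\\", "\\appdata\\", "\\users\\public\\")

# Constructed sample: a `reg export` of the Winlogon subkey on which Userinit
# has been extended to launch an extra executable from the user's Temp folder.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\alice\\AppData\\Local\\Temp\\sample.exe,"
"AutoRestartShell"=dword:00000001
"""


def parse_reg_export(text: str) -> Dict[str, str]:
    """Return the REG_SZ values of a single-key .reg dump as {name: data}.

    Only quoted string values are collected; dword/hex values are skipped.
    .reg files escape backslashes as '\\\\', so they are collapsed back here.
    """
    values: Dict[str, str] = {}
    for line in text.splitlines():
        m = re.match(r'^"([^"]+)"="(.*)"$', line.strip())
        if m:
            name, data = m.groups()
            values[name] = data.replace("\\\\", "\\")
    return values


def audit_winlogon(values: Dict[str, str]) -> List[str]:
    """Return human-readable findings for values that look tampered with."""
    findings: List[str] = []
    # 1. Known-default values that no longer match the expected string.
    for name, expected in EXPECTED.items():
        actual = values.get(name)
        if actual is not None and actual.strip().lower() != expected.lower():
            findings.append(f"{name}: expected {expected!r}, found {actual!r}")
    # 2. Any value that references a user-writable location.
    for name, data in values.items():
        if any(frag in data.lower() for frag in SUSPICIOUS_DIRS):
            findings.append(f"{name}: references user-writable path {data!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_winlogon(parse_reg_export(SAMPLE_REG)):
        print("SUSPICIOUS", finding)
```

On a live host the same logic applies to the output of `reg export "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg`; because the Trojan also injects into svchost.exe and deletes its original file, the registry value and the %TEMP% drop location are often the most durable artifacts left to examine.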
Backdoor.Simda connects to a remote host and relays information about the infected PC to its developers. It then receives configuration data specifying where to download additional files to, and other locations from which to download further configuration files. Downloaded files are written to the %TEMP% folder and may include additional malware. Some of the domains Backdoor.Simda contacts include the following:
The Trojan will also use various techniques to elevate its privileges on the system. It will attempt to log on to the system as an Administrator using a list of passwords:
In order to limit the damage Backdoor.Simda can cause to the PC and to stop it in its tracks, remove Backdoor.Simda with the help of a reputable security tool that will not only erase Backdoor.Simda but also protect the system against similar attacks in future.
- Installs itself without permissions
- Connects to the internet without permission
- Slow internet connection
- Slow computer