Danger level 6
Type: Trojans
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • Slow Computer
Other mutations known as:
Backdoor.Simda.A

Backdoor.Simda

Backdoor.Simda is a harmful backdoor Trojan first released on 18 May, 2011. This disgusting Trojan was designed to give its developers access to the infected PC, and also to make it much easier for other types of malware to enter the system. Leading security tools regard this Trojan infection as a severe threat, and users are warned to destroy Backdoor.Simda as soon as possible.


Because Backdoor.Simda enters the system surreptitiously and performs all of its actions in the background, there are no identifiable symptoms to be on the lookout for. The only indication the user will receive of the presence of Backdoor.Simda on the system will come from notifications generated by installed security software. This makes it much more difficult for users to identify and remove Backdoor.Simda from the system without some type of help.

Once Backdoor.Simda securely roots itself in the system, it will execute and then check whether the Trojan is running from the . If it is not running from this folder, Backdoor.Simda will copy itself as \.exe. It will modify the following registry entry to execute its copy at Windows start:

In subkey: HKLM\Software\Microsoft\Windows NT\Currentversion\Winlogon
Sets value: "userinit"
With data: "\userinit.exe, \.exe"
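
A defender can audit this persistence point by checking the Userinit value for anything other than the stock userinit.exe. The following is an added example, not part of the original write-up; the expected path assumes a default C:\Windows install, and the sample values and the EXAMPLE.exe name are constructed placeholders.

```python
import ntpath

WINLOGON_KEY = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumption: default install location; adjust if %SystemRoot% differs.
EXPECTED = r"C:\Windows\system32\userinit.exe"


def extra_userinit_entries(value, expected=EXPECTED):
    """Return every program in a Userinit value that is not the stock userinit.exe.

    Winlogon runs each comma-separated entry at logon, so anything beyond
    the expected path is a persistence candidate to investigate.
    """
    want = ntpath.normcase(ntpath.normpath(expected))
    extras = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if not entry:  # the default value ends with a trailing comma
            continue
        if ntpath.normcase(ntpath.normpath(entry)) != want:
            extras.append(entry)
    return extras


def read_live_userinit():
    """Read the current value from the local registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]


# Constructed sample values; EXAMPLE.exe is a placeholder, not an indicator
# taken from this page.
SAMPLES = {
    "clean": r"C:\Windows\system32\userinit.exe,",
    "appended": r"C:\Windows\system32\userinit.exe, C:\Windows\system32\EXAMPLE.exe",
    "lookalike": r"C:\Users\Public\userinit.exe,",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, "->", extra_userinit_entries(value))
```

On a Windows host, pass the result of `read_live_userinit()` to `extra_userinit_entries()`; an empty list means only the stock entry is present.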

The Trojan will also inject code into the process "svchost.exe" and delete the original executable.

Backdoor.Simda connects to a remote host and relays information about the infected PC to its developers. It will then receive configuration info on where to download additional files to, and other locations from which to download more configuration files. Downloaded files are written to the %TEMP% folder. These files may include more malware. Some of the domains Backdoor.Simda will contact include the following:

gusssiss.com
orlikssss.com
asterixsss.com

The Trojan will also use various techniques to elevate its privileges on the system. It will attempt to log on to the system as an Administrator using a list of passwords:

help
stone
server
pass
idontknow
administrator
admin
666666
111
12345678
1234
soccer
abc123
password1
football1

In order to limit the damage Backdoor.Simda will cause to the PC, and to stop it dead in its tracks, destroy Backdoor.Simda with the help of a powerful security tool which will not only erase Backdoor.Simda but also protect the system against similar attacks in future.


How to manually remove Backdoor.Simda

Files associated with Backdoor.Simda infection:


Backdoor.Simda processes to kill:


Comments

  1. Pavithra Aug 11, 2013

    This page was useful. Thanks.
    What does "simda" actually mean?
    Why is it called simda?

  2. Pcthreat Aug 12, 2013

    Malware creators have their own reasons to name an infection. It could be just a shortening of something. We can't tell you correctly.
