Danger level 10
Type: Trojans

Backdoor.HareBot

Backdoor.HareBot is a backdoor Trojan: once installed, it gives a remote operator unauthorized access to, and control over, the infected system.

In other words, Backdoor.HareBot behaves like a remote administration utility, except that it is designed to open the infected system to external control over the LAN or the internet.

What separates Backdoor.HareBot from a legitimate remote administration utility is that it installs its backdoor components without the user's knowledge or permission; the infected system is therefore infiltrated covertly and remains under covert control.

As a Backdoor infection, Backdoor.HareBot may be capable of performing the following functions:

• Adds registry entries
• Downloads unsolicited files
• Obtains file version information
• Listens on a specific port to receive files and other data
• Resists detection and removal by security products on the infected system
• Uses low-level functions to hide itself from the user and from system and security processes
• Is packed and/or encrypted with a software packer
• Adds a registry auto-start entry so that it loads at boot
• Communicates with other systems over HTTP

In order to safeguard a computer system against these types of backdoor infections, there are a few steps one can take to ensure the safety of a computer system:

1. Use a firewall to block all dubious connections from the internet.
2. Enforce a password policy. Make sure the passwords in use are complex, to prevent a compromise and to limit the damage if one occurs.
3. Run programs and user accounts with the lowest level of privileges they need, so that administrative access remains limited to the administrator.
4. Disable AutoPlay to prevent executable files from launching automatically from network shares and removable drives.
5. Turn off file sharing if it is not needed.
6. Turn off and remove all unnecessary services.
7. Always keep patch levels up to date.
8. Configure your mail server to block and remove all email attachments with the file extensions .vbs, .bat, .exe, .pif and .scr, as these file types are commonly associated with malicious applications.

So, how would one remove this dubious infection from a computer system?

IT experts generally consider manual removal of Backdoor.HareBot to be a poor choice: the process is complicated and error-prone, and it should not be attempted by anyone who is not familiar with the Windows registry.

The safest way to protect your system, and to avoid any unnecessary risk of damage to it, is to use a reliable, legitimate anti-spyware application to remove Backdoor.HareBot and all of its components from the infected computer.


How to manually remove Backdoor.HareBot

Files associated with Backdoor.HareBot infection:

wpv951255703227.exe
wuaucldt.exe
sys32_nov.exe
restorer64_a.exe
ms18_word.exe
wpv331254042811.exe
photo_id.exe
sys64_nov.exe
bill110.exe
av_md.exe
restorer32_a.exe

Backdoor.HareBot processes to kill:

sys32_nov.exe
ms18_word.exe
bill110.exe
wuaucldt.exe
av_md.exe
photo_id.exe
restorer64_a.exe
wpv951255703227.exe
wpv331254042811.exe
restorer32_a.exe
sys64_nov.exe

Remove Backdoor.HareBot registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sys32_nov
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sys64_nov
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysgif32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ restorer32_a
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ restorer64_a
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ photo_id
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ av_md
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ syncman
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysfbtray
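As an added example that is not part of the original page, the following PowerShell script audits a Windows host for the indicators listed above (the Run-key value names, the process names and the file names) and reports what it finds without killing or deleting anything, so the result can be reviewed before any manual removal. The directories searched for the files are an assumption, since the page gives file names but no paths.

```powershell
# Added example (not from the original page): read-only audit of a Windows host
# for the Backdoor.HareBot indicators listed above. Nothing is killed or
# deleted; review the report, then remove what it confirms. Run elevated.

$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Run-key value names from the registry list on this page
$runValues = 'sys32_nov', 'sys64_nov', 'sysgif32', 'restorer32_a', 'restorer64_a',
             'photo_id', 'av_md', 'syncman', 'sysfbtray'

# Image names (without .exe) from the process and file lists on this page
$imageNames = 'sys32_nov', 'ms18_word', 'bill110', 'wuaucldt', 'av_md', 'photo_id',
              'restorer64_a', 'wpv951255703227', 'wpv331254042811', 'restorer32_a', 'sys64_nov'

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Type, [string]$Name, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Name = $Name; Detail = $Detail })
}

# 1. Persistence: the page lists HareBot auto-start values under HKLM\...\Run
if (Test-Path $runKey) {
    $run = Get-ItemProperty -Path $runKey
    foreach ($name in $runValues) {
        $prop = $run.PSObject.Properties[$name]
        if ($prop) { Add-Finding 'RunKey' $name $prop.Value }
    }
}

# 2. Running processes whose image name matches the list
foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
    if ($imageNames -contains $p.ProcessName) {
        Add-Finding 'Process' $p.ProcessName "PID $($p.Id) $($p.Path)"
    }
}

# 3. Files on disk. The page gives names only, so the roots searched here are an
#    assumption: the Windows directory and the common drop locations.
$roots = $env:SystemRoot, $env:TEMP, $env:APPDATA, $env:ProgramData
$patterns = $imageNames | ForEach-Object { "$_.exe" }
foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -Include $patterns -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding 'File' $_.Name $_.FullName }
}

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize }
else { 'No Backdoor.HareBot indicators found.' }
```

A hit on a Run-key value shows the path it launches, which is usually where the dropped executable lives even when it is not in one of the searched directories.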