Know Your Malware: Civcat Removal


Civcat is a backdoor that gives the attacker unauthorized remote access to a compromised computer. Once executed, the parasite installs itself to the system by reconfiguring a particular Windows system service. Then it contacts predetermined remote hosts and awaits for specific commands from the attacker. The intruder is allowed to retrieve system and network information, download and upload arbitrary files, execute files and run programs, alter the backdoor's configuration and load specified DLL libraries. Civcat automatically runs on every Windows startup.

Civcat properties:
Allows remote user connection
Connects itself to the internet
Hides from the user
Stays resident in background Remove Civcat, removal instructions

Linked by shanmuga Tuesday, 1st November 2005 9:11PM