Know Your Malware: Ryknos Removal


Ryknos is an IRC-controlled backdoor that gives an attacker unauthorized remote access to a compromised computer. Over the IRC channel the intruder can download and execute arbitrary files, retrieve system and network information, and send messages to specified remote hosts. The threat also silently downloads and installs a second backdoor, Looksky.b, from the Internet. Ryknos cloaks itself with the infamous First4DRM rootkit (the Sony BMG XCP copy-protection driver written by First 4 Internet, which hides any file, process or registry key whose name begins with $sys$), which is why its main file is named $sys$drv.exe: on a machine where that driver is loaded, the file will not appear in directory listings or in Task Manager, so look for it from a clean boot or with a cross-view tool. It is able to bypass Windows Firewall. The backdoor attempts to run automatically on every Windows startup, but fails.

Related files: $sys$drv.exe, bk.exe
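
As an added illustration (not part of the original page, and not code from Ryknos or from any removal tool), the Python below shows two ways a responder can detect the $sys$ cloaking that Ryknos relies on: a "canary" test that drops a $sys$-prefixed file and checks whether the directory listing still shows it, and a cross-view diff between a listing taken on the running system and one taken from a clean offline boot. The $sys$ prefix and the two filenames come from the page; the directory listings are constructed sample data, and the canary filename is an assumption of this example.

```python
import os
import tempfile

# The XCP driver cloaks any file, process or registry key whose name begins
# with this prefix; Ryknos named its main file to take advantage of that.
CLOAK_PREFIX = "$sys$"

# Filenames the page associates with Ryknos.
RYKNOS_FILES = {"$sys$drv.exe", "bk.exe"}

# Constructed sample data (not real captures): a directory listing taken on
# the running, cloaked system versus the same directory seen from a clean
# offline boot, where the cloaking driver is not loaded.
LIVE_LISTING = ["explorer.exe", "bk.exe", "notepad.exe"]
OFFLINE_LISTING = ["explorer.exe", "$sys$drv.exe", "bk.exe", "notepad.exe"]


def canary_is_hidden(directory):
    """Drop a file whose name starts with $sys$ into `directory` and report
    whether the directory listing hides it.  True means a $sys$-prefix
    cloak is active on this host; a clean host lists the file normally.
    The canary filename is an assumption of this example."""
    name = CLOAK_PREFIX + "canary.tmp"
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("canary\n")
    try:
        return name not in os.listdir(directory)
    finally:
        # The exact name is known, so the file can still be removed directly
        # even on a host whose listings hide it.
        os.remove(path)


def canary_test_in_tempdir():
    """Run the canary check in a fresh temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return canary_is_hidden(tmp)


def cloaked_names(live_listing, offline_listing):
    """Cross-view diff: names the offline view shows but the live view does
    not.  Anything returned is being hidden from the running system."""
    return set(offline_listing) - set(live_listing)


def ryknos_indicators(listing):
    """Names in `listing` that match the page's Ryknos files, plus any other
    $sys$-prefixed entry, which is a cloaking candidate in its own right."""
    known = {f.lower() for f in RYKNOS_FILES}
    return {n for n in listing
            if n.lower() in known or n.startswith(CLOAK_PREFIX)}


if __name__ == "__main__":
    print("$sys$ cloak active on this host:", canary_test_in_tempdir())
    print("hidden from live view:", cloaked_names(LIVE_LISTING, OFFLINE_LISTING))
    print("Ryknos indicators (offline view):", ryknos_indicators(OFFLINE_LISTING))
```

A positive canary result only tells you that something on the host filters $sys$ names from listings; it says nothing about rootkits that hide by other rules, and a negative result does not clear the machine. When the canary does vanish, take the authoritative listing from a clean boot, and remove $sys$drv.exe from there rather than from the running system.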

Ryknos properties:
Allows remote user connection
Connects itself to the internet
Hides from the user
Stays resident in the background

Linked by shanmuga Saturday, 12th November 2005 9:30PM