Know Your Malware: Ryknos.b Removal

Ryknos.b is an IRC-controlled backdoor that provides the attacker with unauthorized remote access to a compromised computer. The intruder can download and execute arbitrary files, retrieve system and network information, and send messages to specified remote hosts. Ryknos.b uses the infamous First4DRM rootkit to hide itself in the system. It is able to bypass Windows Firewall. Ryknos.b automatically runs on every Windows startup.

Related files: $sys$xp.exe

Ryknos.b properties:
Allows remote user connection
Connects itself to the internet
Hides from the user
Stays resident in background

Linked by shanmuga Sunday, 13th November 2005 12:42AM