Note: On some occasions, this detection name has been used as a misleading technique by rogue security programs, as shown in the image below.
Backdoor.Win32.Haxdoor.gu is a detection for malware with remote access capability. This particular version can allow a remote attacker to gain control of the infected computer through a backdoor. The Trojan frequently communicates with a remote server to download other malware that it can drop and execute on the victim's machine.
When executed, Backdoor.Win32.Haxdoor.gu modifies the Windows registry directly. It adds certain values in order to disable the warning messages that Windows displays each time an illegal activity occurs on the system. The Trojan makes similar changes to reduce the security settings of Internet Explorer as well as the operating system. As a result, the user may be prone to any virus attack while Backdoor.Win32.Haxdoor.gu is present.
Like most Trojans, Backdoor.Win32.Haxdoor.gu will create a registry entry to run itself on Windows start-up. It may also inject harmful code into valid processes typically running on the Windows operating system.
Then, the Trojan tries to contact a command and control (C&C) server through an HTTP request using a configured port. During analysis, it was discovered that most of the C&C servers provide remote commands for this threat, giving an attacker full control of the compromised PC.
Backdoor.Win32.Haxdoor.gu allows a remote attacker to control the infected computer. It was also made to gather sensitive data such as user names, passwords, and other vital software and hardware information. This Trojan is also capable of upgrading itself by contacting a remote server to download file updates.
Backdoor Trojans are known for their ability to take control of an infected PC. Normally, this threat consumes more system resources than any other threat. Thus, the user may see a sudden reduction in system performance as well as a slow Internet connection.
How to Remove Backdoor.Win32.Haxdoor.gu
1. Download Malwarebytes' Anti-Malware from this link and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install with the default settings only.
4. Before the installation completes, check the following options:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
5. Click Finish. The program will run automatically and you will be prompted to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on the Show Results button.
8. Make sure that all detected threats are marked, then click on Remove Selected.
9. Restart your computer.
Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download and rename this program on a different computer before running it on the infected system.