Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:BDS/Deborm.Q.3
Date discovered:13/12/2012
Type:Backdoor Server
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:17.440 Bytes
MD5 checksum:cdd5e0b31e2a260f7ec99dcb4a8ab3da
VDF version:7.11.53.216

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: Backdoor.Litmus
   •  Mcafee: BackDoor-QY
   •  Kaspersky: Backdoor.Win32.Litmus.203
   •  TrendMicro: BKDR_LITMUS.203B
   •  F-Secure: W32/Litmus.C
   •  Panda: Bck/Litmus.203
   •  Grisoft: BackDoor.Litmus
   •  VirusBuster: Backdoor.Litmus.J
   •  Bitdefender: Backdoor.Litmus.2.0.3


Platforms / OS:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Steals information
   • Third party control

 Files It copies itself to the following location:
   • %WINDIR%\litmus\svchost32.exe

 Registry The following registry key is added in order to run the process after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "LTM2"="%WINDIR%\litmus\\SVCHOST32.exe"

 IRC To deliver system information and to provide remote control it connects to the following IRC Server:

Server: **********.bsd.st
Port: 6667
Channel: LTR-002
Nickname: LTR-%four-digit random character string%
Password: 1232

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description inserted by Victor Tone on Monday, August 15, 2005
Description updated by Victor Tone on Friday, August 26, 2005

Back . . . .