XBlock By Actiance - Home
Someone Spying on You? Fight Back!
Currently Notice: Undefined variable: incprefix in /data/www/xblock/product_show.php on line 123 25,860,543 Spy Software Busted!
Full Name:
Type: Trojan
Also Known As: Peerbot.B (PandaSoftware), W32/Peerbot.B.worm
Danger Level: 7
Category Description: Trojans are malicious applications that pose themselves as legitimate software in order to trick users to install them. Once on the victim's machine, it may run any number of malicious process to steal vital information or inflict damage to other software.
Comment: BackDoor.JK is an IRC Backdoor Trojan Horse that gives its author control of an infected computer through Internet Relay Chat (IRC).

It adds False IP's to more than 50 popular antivirus companies urls in the Host file, disables antivirus notifications, firewall notifications, update notifications, and overrides firewalls. It also steals data from SQL Server and Mysql databases.

BackDoor.JK creates the folder, %Windir%\system32\programs\.
These files are used for Transmission through P2P programs.

Copies itself to the %Windir%\system32\programs\ folder as the following filenames:
2 Find MP3 8.2.0.exe
Adobe InDesign CS 2.exe
Adobe keygen for photoshop indesign incopy SERIAL crack.exe
Adobe Photoshop CS 2.exe
Autocad 2002 Crack.exe
Autocad 2004 Crack.exe
Autocad 2005 Crack.exe
Autocad 2006 Crack.exe
Counter strike - cs full version.exe
Counter strike keygen WORKING FOR ONLINE STEAM.exe
Credit card generator.exe
Eric vd Vogt Gay Movie - Dutch homosexual fetish raped.exe
Fifa 2006 FULL with crack.exe
Fifa 2007 FULL with crack.exe
flash 8.exe
Free SMS Bomber.exe
Google hack tutorial for beginners.exe
HalfLife 2 WORKING Steam crack.exe
Hotmail account hacker in 30 minutes.exe
Hotmail hacker.exe
Hotmailhacker v1.0.exe
IP Changer.exe
Microsoft Office Activation Crack.exe
Microsoft Office Professional Crack.exe
Microsoft Office Professional Serial.exe
Microsoft Office Professional Universal Crack without serial.exe
Microsoft Office Universal Activator v1.0.exe
MSN hacker - password stealer.exe
norton anti virus FULL NEWEST VERSION.exe
Norton AntiVirus 2005 crack.exe
Norton AntiVirus 2006 crack.exe
Norton antivirus crack.exe
Norton firewall 2006 crack.exe
psx2 - playstation 2 emulator.exe
toon boom.exe
UniVersal GSM unlocker for removing simlock (NOKIA,ERICSSON,SONY,SAMSUNG,OTHERS).exe
WinRAR 4 beta.exe
ZoneAlarm crack (keygen).exe
Manual Removal: Large amount of Hijacked domains are placed in the Hosts file. Its probably better to delete the file itself than to fix each item.(and create a Backup)
File location is C:\Windows\System32\drivers\etc\hosts

To Correct Modified Registry Values:

1.Click on Start , click run.
2.Type "regedit" and press enter.
3.Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
4.Right Click on "AntiVirusDisableNotify" ,click on Modify , Type " 0 " in Value Data field in place of "1" and press Enter.
5.Right Click on "FirewallDisableNotify" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
6.Right Click on "FirewallOverride" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
7.Right Click on "UpdatesDisableNotify" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
8. Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" .
9. Right Click on "Shell" , click on Modify , Type "Explorer.exe" in Value Data field in place of "Explorer.exe taskdrv.exe" and press Enter.
10. Restart computer.

Back to the list of products removed by X-Cleaner

© Copyright 2003-2011, Actiance, Inc. All rights reserved.   Privacy Policy