System Infected: Backdoor.Ratenjay.C/D Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the network activity of Backdoor.Ratenjay.

Additional Information

When the Trojan is executed, it connects to a remote server, which can send commands to perform the following actions on the infected machine:

- display a message box
- open a webpage
- DDoS a target
- download and run other files
- run an AutoIt script
- run commands using cmd.exe
- retrieve passwords
- update the installed backdoor
- uninstall the backdoor
- cause a BSOD

Affected

  • Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP