secure2.bat - Dangerous
secure2.bat
Manual removal instructions:
Antivirus Report of secure2.bat:
secure2.bat
Backdoor.IRC.Zcrew.C is a backdoor Trojan horse that may allow for the remote control of an infected system through IRC and FTP.
Allows unauthorized access to the infected machine.
When Backdoor.IRC.Zcrew.C is executed, it performs the following actions:
Creates the following files in the %System%\instsrv folder:
001.config; Configure; COPYING; cygregex.dll; cygwin1.dll; firedaemon.exe; foxdg.exe; hideapp.exe; ident.exe; inst.bat; iroffer.cron; KILL.EXE;
lrs.reg; Makefile.config; mybot.ignl; mybot.ignl.bkup; mybot.ignl.tmp; new.txt; README; rn.bat; secure1.bat; secure2.bat; startsecure.bat; test.bat; WHATSNEW
Creates the following nonmalicious files in the folder, %System%\instsrv\src:
admin.c; dccchat.c; defines.h; display.c; globals.h; headers.h; iroffer.c; iroffer.cron; misc.c; plugins.c; transfer.c; upload.c; utilities.c
Starts foxdg.exe, which is the Iroffer application, as a service process.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
amd delete the value: "Bat"="C:\winnt\system32\instsrv\secure2.bat"
Also you must delete the nonmalicious files:
Navigate to the %System%\instsrv and %System%\instsrv\src folders and delete any files.
| secure2.bat | Malware |
| secure2.bat | Dangerous |
| secure2.bat | High Risk |
Allows unauthorized access to the infected machine.
When Backdoor.IRC.Zcrew.C is executed, it performs the following actions:
Creates the following files in the %System%\instsrv folder:
001.config; Configure; COPYING; cygregex.dll; cygwin1.dll; firedaemon.exe; foxdg.exe; hideapp.exe; ident.exe; inst.bat; iroffer.cron; KILL.EXE;
lrs.reg; Makefile.config; mybot.ignl; mybot.ignl.bkup; mybot.ignl.tmp; new.txt; README; rn.bat; secure1.bat; secure2.bat; startsecure.bat; test.bat; WHATSNEW
Creates the following nonmalicious files in the folder, %System%\instsrv\src:
admin.c; dccchat.c; defines.h; display.c; globals.h; headers.h; iroffer.c; iroffer.cron; misc.c; plugins.c; transfer.c; upload.c; utilities.c
Starts foxdg.exe, which is the Iroffer application, as a service process.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
amd delete the value: "Bat"="C:\winnt\system32\instsrv\secure2.bat"
Also you must delete the nonmalicious files:
Navigate to the %System%\instsrv and %System%\instsrv\src folders and delete any files.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.