Bkdr_pcclient.yp


 
02-05-2008

This backdoor is a .DLL file dropped by other malware to serve as its backdoor component. It is usually dropped in the system folder and registered as a system service to ensure its automatic execution at every system startup. It is then injected as a thread into running processes so that it remains memory resident, which makes it difficult to terminate.
This backdoor connects to a certain URL via a random port and executes commands locally on affected machines.
However, it requires its main component to run properly.
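
A read-only triage sketch for the persistence pattern described above (a DLL in the system folder registered as a service). It is an added example, not part of the advisory. It assumes the DLL is registered through a `ServiceDll` value under the service's `Parameters` key, which the advisory does not state, and it uses an arbitrary 30-day window for "recently created":

```powershell
# Added example: enumerate service DLLs and flag the ones that deserve a closer look.
# Assumption: the DLL is registered via the ServiceDll value (svchost-hosted service).
# Read-only. Run from an elevated 64-bit PowerShell prompt on the host being examined.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$cutoff      = (Get-Date).AddDays(-30)   # assumption: "recent" means the last 30 days

$findings = foreach ($svc in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $paramPath = "$servicesKey\$($svc.PSChildName)\Parameters"
    $params = Get-ItemProperty -Path $paramPath -Name ServiceDll -ErrorAction SilentlyContinue
    if (-not $params) { continue }       # service is not hosted through a ServiceDll

    # ServiceDll is normally REG_EXPAND_SZ, e.g. %SystemRoot%\System32\name.dll
    $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
    $reasons = @()
    $created = $null
    $status  = 'n/a'

    if (-not (Test-Path -LiteralPath $dll)) {
        $reasons += 'ServiceDll not found on disk'
    }
    else {
        $file    = Get-Item -LiteralPath $dll -Force
        $created = $file.CreationTime
        $status  = (Get-AuthenticodeSignature -LiteralPath $dll).Status
        if ($status -ne 'Valid')  { $reasons += "signature status: $status" }
        if ($created -gt $cutoff) { $reasons += 'file created recently' }
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Service   = $svc.PSChildName
            Dll       = $dll
            Created   = $created
            Signature = $status
            Reasons   = $reasons -join '; '
        }
    }
}

# Each row is a lead for manual review, not a verdict: unsigned third-party
# service DLLs exist, and file timestamps can be altered.
$findings | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

Because the advisory notes that the DLL is also injected into running processes, a flagged file may still be loaded in memory after its service is disabled; confirm with a module listing of running processes before treating the host as clean.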

