Backdoor: Win32/Kirts.A

Backdoor: Win32/Kirts.A Description

PC users that are presented with a security alert involving the Backdoor: Win32/Kirts.A should not overlook the detection. The Backdoor: Win32/Kirts.A malware is a Backdoor-Trojan that may be used by a third-party to deploy threats on your machine and compromise the security of networks you are part of. The Kirts Backdoor-Trojan has many versions that are labeled following the model Backdoor: Win32/Kirts.[letter indicating a new version]. The Backdoor-Trojans in the Backdoor: Win32/Kirts family of threats are packed as batch files (.BAT file extension) and are loaded with a CMD script that is used to issue commands to the Windows core directly. The Backdoor: Win32/Kirts malware may be spread among users via spam mail, and you should not download and open RAR files that are attached to spam emails. The Backdoor: Win32/Kirts.A malware is designed to connect to remote servers and download CAB files with additional binary and instructions.

The Backdoor: Win32/Kirts.A malware may open ports on your system to enable its operations, and network administrators may wish to make sure that their firewall is filtering all connections. The Kirts Backdoor-Trojan may use ports 80, 23, 119, 411,412, 591 and 6881 to download malware and allow remote access to your system. The Kirts cyber threat may install a corrupted digital certificate on your OS to bypass code signing policies and modify your file system without raising alarms. The Kirts Backdoor-Trojan may use the files puwuladrur.bat, authrootstl.cab and mscoree.dll to support its activity and run from the Temp directory on the Windows partition. The Kirts Backdoor-Trojan utilizes code injection to hide its operations and is hard to detect with basic run-time analysis. Security analysts note that the variants of Backdoor: Win32/Kirts may be identified as Gen:Variant.Zusy.189561, MSIL/Injector.OZF and Trojan.Win32.IRCbot.aanp. A trusted anti-malware suite can clean computers that are infected with the Backdoor: Win32/Kirts malware and prevent unauthorized access.

Technical Information

File System Details

Backdoor: Win32/Kirts.A creates the following file(s):
# File Name Size MD5 Detection Count
1 %USERPROFILE%\M-50504578098001680130302404020840\windrv.exe 251,352 28d296c7d96eb576fc91efd3e98d284c 37
2 file.exe 641,504 d1f2ef4fb056ec1ab0a8c6a4b3cd5055 0
More files

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.