Backdoor.Rietspoof
Short bio
Backdoor.Rietspoof is Malwarebytes’ detection name for a family of Trojans that enable threat actors to gain remote access and control over an affected Windows system.
Symptoms
Backdoor.Rietspoof gains persistence by creating a link in the Windows startup folder pointing to the backdoor process.
Type and source of infection
Backdoor.Rietspoof is a multi-staged malware delivery system that can be used to drop virtually any malware on an affected system. Backdoor.Rietspoof’s first stage is typically delivered by instant messaging software clients.
Protection
Remediation
Malwarebytes can detect and remove Backdoor.Rietspoof without further user interaction.
- Please download Malwarebytes to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
A full system scan is recommended, as Backdoor.Rietspoof is typically used as a method to introduce more malware on infected systems. If the system is connected to a network, other systems on the network may also have been compromised.
Traces/IOCs
Files:
%appdata%\roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.lnk
%appdata%\roaming\Microsoft\Windows\Cookies\wordTemplate.vbs
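
The startup-folder persistence and the two file traces above can be checked across all user profiles with a short PowerShell triage script. This is an added example, not Malwarebytes code; it assumes the path separators missing from the traces are backslashes under each user's AppData\Roaming folder, and the shortcut-target heuristic is an assumption of this example rather than something stated on the page.

```powershell
# Added example: triage Startup-folder persistence and the file traces listed above.
# Assumption: the traces resolve to paths under each user's AppData\Roaming directory.
$iocRelative = @(
    'Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.lnk',
    'Microsoft\Windows\Cookies\wordTemplate.vbs'
)
# Heuristic (not from the page): Startup shortcuts that launch a script host
# or point into AppData deserve a closer look.
$suspectTarget = '\\(wscript|cscript|powershell|cmd|mshta|rundll32)\.exe$|\\AppData\\'
$scriptArgument = '\.(vbs|vbe|js|jse|ps1)\b'

$shell = New-Object -ComObject WScript.Shell
$findings = foreach ($userProfile in Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -Force -ErrorAction SilentlyContinue) {
    $roaming = Join-Path $userProfile.FullName 'AppData\Roaming'
    if (-not (Test-Path -LiteralPath $roaming)) { continue }

    # 1. Exact matches on the file traces from the page.
    foreach ($rel in $iocRelative) {
        $path = Join-Path $roaming $rel
        if (Test-Path -LiteralPath $path) {
            [pscustomobject]@{ User = $userProfile.Name; Reason = 'Listed trace present'; Path = $path; Target = $null }
        }
    }

    # 2. Resolve every Startup shortcut and flag suspicious targets.
    $startup = Join-Path $roaming 'Microsoft\Windows\Start Menu\Programs\Startup'
    foreach ($lnk in Get-ChildItem -LiteralPath $startup -Filter *.lnk -Force -ErrorAction SilentlyContinue) {
        $sc = $shell.CreateShortcut($lnk.FullName)   # opens the existing .lnk read-only unless Save() is called
        if ($sc.TargetPath -match $suspectTarget -or $sc.Arguments -match $scriptArgument) {
            $target = "$($sc.TargetPath) $($sc.Arguments)".Trim()
            [pscustomobject]@{ User = $userProfile.Name; Reason = 'Startup shortcut to script host or AppData'; Path = $lnk.FullName; Target = $target }
        }
    }
}

# Empty output means neither the listed traces nor a suspicious Startup shortcut were found.
$findings | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so other users' profiles are readable; a hit on the heuristic alone is a lead to investigate, not a confirmed infection.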