How to remove the Backdoor.TeamViewer Trojan


    • Tue, 07 Jun 2016 21:04:12 EDT
    • Read 1680 times








    Backdoor.Teamviewer is a Trojan that pretends to be an Adobe Flash Player installer, but in reality installs a copy of the TeamViewer remote access software onto the victim's computer. Once TeamViewer is installed, it will connect back to the attackers' Command & Control server and submit the IP address of the infected computer.
    Once the attackers have the victim's IP address, they are able to connect remotely to the victim's computer and take remote control of it. While connected, they will be able to use the computer as if they were in front of it. This allows them to view your documents and pictures, and to run other programs that steal passwords to your online accounts.
    Unfortunately, the only clues that would indicate you are infected with this Trojan are the %AppData%\Sin\5s.exe application running on your computer, or the attackers taking control of it while you are watching. Therefore, it is important to make sure your computer is running a good antivirus program with updated security definitions.
    It has been thought that this malware may be one of the vectors for the many TeamViewer hacks that have been reported in May & June of 2016. This Trojan is currently being detected as Trojan.Teamspy, Gen:Variant.Mikey, Win32.Trojan-spy.Teamspy, Trojan-Spy.Win32.Teamspy, and Backdoor.TeamViewer by various antivirus programs.
    How did the Backdoor.Teamviewer get on my computer?

    The Backdoor.Teamviewer Trojan is distributed as an Adobe Flash installer. When visiting certain sites or trying to access content, a message will appear stating that your Adobe Flash is outdated or that you need to install a new version to access the content on the page. When you download and run the installer, it will actually install the legitimate Flash onto your computer, but at the same time will install the Backdoor.Trojan as well in the background without your knowledge.
    If you believe you are infected with the Backdoor.TeamViewer application, you can use the removal guide below to check for its existence and remove it.
    Associated Backdoor.TeamViewer Files:

      • %AppData%\Sin\
      • %AppData%\Sin\5s.exe
      • %AppData%\Sin\avicap32.dll
      • %AppData%\Sin\nv8moxflu

    File Location Notes:
    %AppData% refers to the current user's Application Data folder. By default, this is C:\Documents and Settings\<username>\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\<username>\AppData\Roaming.



    Associated Backdoor.TeamViewer Registry Information:

      • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\5s    %AppData%\Sin\5s.exe
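
    The file, registry and process indicators listed above can be checked from PowerShell. The script below is an added example, not part of the original guide: it only reports what it finds for the currently logged-on user and removes nothing. It assumes PowerShell 4.0 or later (for Get-FileHash); the variable names are illustrative.

```powershell
# Added example: report the Backdoor.TeamViewer indicators listed in this guide.
# Run it as the affected user, because %AppData% and HKCU are per-user locations.
$sinDir = Join-Path $env:APPDATA 'Sin'
$fileIndicators = @(
    (Join-Path $sinDir '5s.exe'),
    (Join-Path $sinDir 'avicap32.dll'),
    (Join-Path $sinDir 'nv8moxflu')
)
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = '5s'
$findings = @()

# 1. The %AppData%\Sin folder itself.
if (Test-Path -LiteralPath $sinDir -PathType Container) {
    $findings += [pscustomobject]@{ Type = 'Folder'; Item = $sinDir; Detail = 'present' }
}

# 2. The files inside it; record a SHA-256 so the sample can be looked up later.
foreach ($path in $fileIndicators) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Item = $path; Detail = "SHA256 $hash" }
    }
}

# 3. The Run value that starts 5s.exe at logon.
$run = Get-ItemProperty -LiteralPath $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$runKey\$runValue"; Detail = $run.$runValue }
}

# 4. A running process named 5s (process names carry no .exe suffix).
foreach ($p in (Get-Process -Name '5s' -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = "PID $($p.Id)"; Detail = $p.Path }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Backdoor.TeamViewer indicators from this guide were found for this user.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

    A clean result covers only the indicators named in this guide and only the user account the script ran under, so repeat it for each account on the machine.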






