Backdoor.Rietspoof

Short bio

Backdoor.Rietspoof is Malwarebytes’ detection name for a family of Trojans that enable threat actors to gain remote access and control over an affected Windows system.

Symptoms

Backdoor.Rietspoof gains persistence by creating a link in the Windows startup folder pointing to the backdoor process.

Type and source of infection

Backdoor.Rietspoof is a multi-staged malware delivery system that can be used to drop virtually any malware on an affected system.
Backdoor.Rietspoof’s first stage is typically delivered by instant messaging software clients.

Protection

Malwarebytes protects users from Backdoor.Rietspoof by using real-time protection.

Malwarebytes blocks Backdoor.Rietspoof

Remediation

Malwarebytes can detect and remove Backdoor.Rietspoof without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  3. Then click Finish.
  4. Once the program has fully updated, select Scan Now on the Dashboard, or select the Threat Scan from the Scan menu.
  5. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  6. When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  7. Restart your computer when prompted to do so.

A full system scan is recommended, as Backdoor.Rietspoof is typically used as a method to introduce more malware on infected systems. If the system is connected to a network, other systems on the network may also have been compromised.

Traces/IOCs

Files:

%appdata%\roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.lnk

%appdata%\roaming\Microsoft\Windows\Cookies\wordTemplate.vbs
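To check a machine for the two file traces above and see what the startup link points to, the following PowerShell sweep can be used. It is an added example, not Malwarebytes code. It assumes that "%appdata%\roaming" means each user's AppData\Roaming folder (the literal expansion is checked too), and the function name Find-RietspoofTraces is hypothetical.

```powershell
# Added example: per-user sweep for the two file traces listed on this page.
# Assumption: "%appdata%\roaming" refers to <profile>\AppData\Roaming; the
# literal expansion (<profile>\AppData\Roaming\roaming) is checked as well.
$relativeTraces = @(
    'Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.lnk',
    'Microsoft\Windows\Cookies\wordTemplate.vbs'
)

function Find-RietspoofTraces {
    param([string]$UsersRoot = (Join-Path $env:SystemDrive 'Users'))

    $shell = New-Object -ComObject WScript.Shell
    $userDirs = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        $roaming = Join-Path $userDir.FullName 'AppData\Roaming'
        foreach ($base in @($roaming, (Join-Path $roaming 'roaming'))) {
            foreach ($rel in $relativeTraces) {
                $path = Join-Path $base $rel
                if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

                $item = Get-Item -LiteralPath $path -Force
                $target = $null
                if ($item.Extension -eq '.lnk') {
                    # Resolve the shortcut so the process it launches at logon is visible.
                    $lnk = $shell.CreateShortcut($item.FullName)
                    $target = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
                }

                [pscustomobject]@{
                    User       = $userDir.Name
                    Path       = $item.FullName
                    CreatedUtc = $item.CreationTimeUtc
                    SHA256     = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
                    LnkTarget  = $target
                }
            }
        }
    }
}

Find-RietspoofTraces | Format-List
```

Run it from an elevated prompt so that other users' profiles are readable. A match is by file name and location only, so confirm any hit by reviewing the resolved link target and the hash before treating the system as infected.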
