
BackDoor.Andromeda

Posted: May 24, 2012

Threat Metric

Threat Level: 6/10
Infected PCs: 7,935
First Seen: May 24, 2012
Last Seen: June 26, 2019
OS(es) Affected: Windows

BackDoor.Andromeda (also tracked by other vendors under the name Gamarue) is a backdoor Trojan that was first identified by PC security companies in late 2011. As with other backdoor Trojans, BackDoor.Andromeda's foremost goal is to infect your PC without being noticed and open a channel through which criminals can control it from a remote server. BackDoor.Andromeda may also install other PC threats such as Trojan.Hosts.5858, spread itself via removable media and steal passwords from FTP programs. Because it combines worm and spyware traits with its backdoor functions, BackDoor.Andromeda should be deleted as soon as possible; SpywareRemove.com malware researchers recommend using an anti-malware application for this purpose.

All the Signs Point to BackDoor.Andromeda Being a Bad Omen for Your Computer

BackDoor.Andromeda is distributed as an .exe file with a misleading name; for example, 'DHL ticket.exe' (posing as a shipment notice from the courier DHL), 'BBB report.exe' (referencing the Better Business Bureau) or 'IMG9231.jpg.exe' (a fake picture file whose real .exe extension is not shown when Windows Explorer hides known file extensions, which is the default). These files are most often delivered as spam e-mail attachments and social-networking links, but other delivery methods are possible. Once launched, BackDoor.Andromeda installs itself on your PC and copies itself to any attached removable media such as USB thumb drives, together with an Autorun.inf that points at the copy. Accordingly, SpywareRemove.com malware experts discourage sharing USB drives and similar devices with other computers until you've removed BackDoor.Andromeda completely, since any PC that still honors AutoRun for removable drives will launch the copy as soon as the device is plugged in. Windows 7 ships with AutoRun disabled for USB drives, and Microsoft pushed the same change to Windows XP and Vista through Windows Update in February 2011; machines that never received that update, and users who open the drive's contents by hand, remain exposed.

BackDoor.Andromeda's most serious capability is its connection to a remote command-and-control (C&C) server, from which it can download and install other PC threats and to which it can upload stolen information. A backdoor of this kind should always be treated as a high-level security and privacy risk: the remote operator, not the user, decides what runs on the machine.

A Run Through BackDoor.Andromeda's Stealth Routines

As part of its default behavior, BackDoor.Andromeda sets the hidden attribute on its files, particularly the copies it drops on removable drives, so they do not appear in Windows Explorer unless hidden files are set to be shown (a `dir /a:h` listing or `attrib` will still reveal them). Since there may be no visible sign of BackDoor.Andromeda's activity, you should use a dedicated anti-malware program to detect all of its components, along with any other hostile software that BackDoor.Andromeda may have downloaded and installed.
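The removable-media behavior described above (an Autorun.inf pointing at a dropped copy, plus hidden or double-extension executables such as 'IMG9231.jpg.exe') can be checked by hand before a USB drive is plugged into another machine. The following is an added example for this page, not code from the original article or from the malware's authors: it parses an autorun.inf for the keys that make Windows run something, sweeps the drive for executables that are hidden or wear a decoy extension, and runs both over a throw-away directory whose contents (including the sample autorun.inf, which reuses the drop name from the file listing below) are constructed for illustration.

```python
import configparser
import os
import tempfile
from pathlib import Path

# Extensions Windows executes directly, and decoy extensions seen in
# double-extension names such as IMG9231.jpg.exe.
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_SUFFIXES = {".jpg", ".jpeg", ".png", ".gif", ".doc", ".pdf", ".txt"}
FILE_ATTRIBUTE_HIDDEN = 0x2   # Windows file-attribute bit for "hidden"

# Constructed sample autorun.inf (not a captured file); the executable name is
# the drop name from the file listing on this page.
SAMPLE_AUTORUN = """; constructed sample
[autorun]
open=6e745dw6rg7t8itu.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open\\command=6e745dw6rg7t8itu.exe
UseAutoPlay=1
"""


def parse_autorun(text):
    """Return (key, command) pairs an autorun.inf would hand to Windows:
    [autorun] open=, shellexecute= and shell\\<verb>\\command= entries."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.read_string(text)          # raises configparser.Error on junk before [autorun]
    launches = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):   # keys are lower-cased by configparser
            if key in ("open", "shellexecute") or \
               (key.startswith("shell\\") and key.endswith("\\command")):
                launches.append((key, (value or "").strip()))
    return launches


def is_hidden(path):
    """True when the file carries the Windows hidden attribute; always False on
    other operating systems, where st_file_attributes does not exist."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def suspicious_files(root):
    """Walk a drive and flag executables that are hidden or wear a decoy extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=None):
        for name in files:
            path = Path(dirpath, name)
            suffixes = [s.lower() for s in path.suffixes]
            if not suffixes or suffixes[-1] not in EXEC_SUFFIXES:
                continue
            reasons = []
            if len(suffixes) >= 2 and suffixes[-2] in DECOY_SUFFIXES:
                reasons.append("double extension")
            if is_hidden(path):
                reasons.append("hidden attribute")
            if reasons:
                findings.append((str(path.relative_to(root)), reasons))
    return sorted(findings)


def triage_drive(root):
    """Combine the autorun.inf check with the file sweep for one drive root.
    FAT/NTFS are case-insensitive, so on Windows 'Autorun.inf' is found too."""
    report = {"autorun_launches": [], "suspicious_files": suspicious_files(root)}
    inf = Path(root, "autorun.inf")
    if inf.is_file():
        try:
            report["autorun_launches"] = parse_autorun(inf.read_text(errors="replace"))
        except configparser.Error as exc:
            report["autorun_launches"] = [("unparseable", str(exc))]
    return report


def demo():
    """Build a throw-away 'drive' with constructed contents and triage it."""
    root = tempfile.mkdtemp(prefix="usb_triage_")
    Path(root, "autorun.inf").write_text(SAMPLE_AUTORUN)
    Path(root, "IMG9231.jpg.exe").write_bytes(b"MZ")               # fake picture
    Path(root, "photos").mkdir()
    Path(root, "photos", "holiday.jpg").write_bytes(b"\xff\xd8")   # real picture
    return triage_drive(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real drive call `triage_drive("E:\\")` (or the mount point on another OS); the hidden-attribute check only has meaning on Windows, the double-extension and autorun.inf checks work anywhere the drive can be mounted read-only, which is the safer way to inspect it.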

Removing BackDoor.Andromeda should be a particular concern for users of FTP and SFTP programs, since SpywareRemove.com malware researchers have found that BackDoor.Andromeda is designed to read WinSCP passwords stored in the Registry. Any password saved in WinSCP on an infected PC should therefore be treated as compromised and changed from a clean machine. Unlike true spyware, BackDoor.Andromeda has not been found to include keylogging or other broad information-stealing routines that could expose other kinds of data, although it may install other PC threats that are capable of such feats.
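To know which credentials to rotate, list the WinSCP sessions that actually have a stored password. The script below is an added example, not part of the original page; it reads the registry location WinSCP uses for saved sessions (HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions) on Windows, and on other platforms falls back to a constructed sample so the logic can be exercised offline. Installations configured to keep settings in WinSCP.ini are not covered by this check.

```python
import sys

# Registry key under HKEY_CURRENT_USER where WinSCP keeps saved sessions when
# it stores its configuration in the registry (the default).
WINSCP_SESSIONS_KEY = r"Software\Martin Prikryl\WinSCP 2\Sessions"

# Constructed sample of what read_registry_sessions() returns on a machine
# with two saved sessions, one of them carrying a stored password.  The
# Password data is a placeholder, not a real WinSCP value.
SAMPLE_SESSIONS = {
    "backup-server": {"HostName": "backup.example.com", "UserName": "deploy",
                      "Password": "placeholder-obfuscated-hex"},
    "dev-box": {"HostName": "dev.example.com", "UserName": "alice"},
}


def sessions_with_stored_passwords(sessions):
    """Given {session: {value_name: data}}, return sorted (session, host, user)
    tuples for every session whose Password value is present and non-empty."""
    exposed = []
    for name, values in sessions.items():
        if values.get("Password"):
            exposed.append((name, values.get("HostName", ""), values.get("UserName", "")))
    return sorted(exposed)


def read_registry_sessions():
    """Read saved sessions from HKCU on Windows; returns {} on other platforms
    or when the key is absent (no saved sessions / INI-file configuration)."""
    if not sys.platform.startswith("win"):
        return {}
    import winreg                      # Windows-only standard-library module
    sessions = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WINSCP_SESSIONS_KEY) as root:
            for i in range(winreg.QueryInfoKey(root)[0]):      # [0] = subkey count
                name = winreg.EnumKey(root, i)
                with winreg.OpenKey(root, name) as sub:
                    values = {}
                    for j in range(winreg.QueryInfoKey(sub)[1]):  # [1] = value count
                        value_name, data, _type = winreg.EnumValue(sub, j)
                        values[value_name] = data
                sessions[name] = values
    except OSError:
        pass
    return sessions


if __name__ == "__main__":
    live = read_registry_sessions() or SAMPLE_SESSIONS
    for session, host, user in sessions_with_stored_passwords(live):
        print(f"rotate credentials for {user}@{host} (WinSCP session {session!r})")
```

Run it as the user whose profile was infected, since the key lives under that user's HKCU hive; the stored value is only obfuscated, not encrypted, which is why a simple registry read was enough for the Trojan.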

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created on infected systems. Sizes and MD5 hashes are as recorded by the site (the site counts 1 KB as 1,000 bytes); "Detection count" and "Last Updated" are the site's own telemetry, not properties of the file.

File: C:\Users\<username>\AppData\Local\6e745dw6rg7t8itu.exe
File name: 6e745dw6rg7t8itu.exe
Size: 696.32 KB (696320 bytes)
MD5: bc90c938bc1170444a691cdc04ec733e
Detection count: 7,872
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local
Group: Malware file
Last Updated: October 26, 2018

File name: file.exe (drop path not recorded)
Size: 55.3 KB (55300 bytes)
MD5: b2e826c55a437e528d846b90d5aa743b
Detection count: 70
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012

File name: file.exe (drop path not recorded)
Size: 34.8 KB (34808 bytes)
MD5: 40a5dd7fd8a1d9a2027070db784440f7
Detection count: 66
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012

File name: file.exe (drop path not recorded)
Size: 602.62 KB (602624 bytes)
MD5: f7d45793226820996c9b3642f644bebb
Detection count: 44
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 18, 2017

File: %ALLUSERSPROFILE%\mszjeb.exe
File name: mszjeb.exe
Size: 172.03 KB (172032 bytes)
MD5: 0e9c6292025426164fc32f2413a84846
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: June 26, 2017
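The hashes and sizes above can be turned into a quick sweep of the drop locations (%LOCALAPPDATA%, where C:\Users\<username>\AppData\Local lives, and %ALLUSERSPROFILE%). The script below is an added example, not the site's tooling: the IOC table is copied from the listing, file size is compared before anything is hashed so a large profile directory is not read end to end, and `demo()` exercises the matcher on a constructed 3-byte file against an IOC table keyed by that file's own hash, since the real samples are not reproduced here. MD5 is used only as a lookup key that matches the published values, not as an integrity mechanism.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# MD5 -> (size in bytes, file name), copied from the listing above.
ANDROMEDA_IOCS = {
    "bc90c938bc1170444a691cdc04ec733e": (696320, "6e745dw6rg7t8itu.exe"),
    "b2e826c55a437e528d846b90d5aa743b": (55300, "file.exe"),
    "40a5dd7fd8a1d9a2027070db784440f7": (34808, "file.exe"),
    "f7d45793226820996c9b3642f644bebb": (602624, "file.exe"),
    "0e9c6292025426164fc32f2413a84846": (172032, "mszjeb.exe"),
}

# Drop locations from the listing; expanded from the environment on Windows,
# left unexpanded (and therefore skipped as non-existent) elsewhere.
DROP_DIRS = ["%LOCALAPPDATA%", "%ALLUSERSPROFILE%"]


def md5_of(path, chunk=1 << 20):
    """Stream a file through MD5 in 1 MiB chunks and return the hex digest."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(directories, iocs=ANDROMEDA_IOCS):
    """Return sorted [(path, md5, listed name)] for every file under the given
    directories whose MD5 is in iocs.  Only files whose size matches a listed
    sample are hashed."""
    sizes = {size for size, _name in iocs.values()}
    hits = []
    for entry in directories:
        root = os.path.expandvars(entry)
        if not os.path.isdir(root):
            continue
        for dirpath, _dirs, files in os.walk(root, onerror=None):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    if os.path.getsize(path) not in sizes:
                        continue
                    digest = md5_of(path)
                except OSError:
                    continue            # locked or unreadable: skip, keep going
                if digest in iocs:
                    hits.append((path, digest, iocs[digest][1]))
    return sorted(hits)


def demo():
    """Sweep a throw-away directory with constructed contents.  Two files hold
    the same bytes under different names to show that the match is by hash,
    not by file name."""
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    Path(root, "file.exe").write_bytes(b"abc")
    Path(root, "notes.txt").write_bytes(b"abc")
    constructed_iocs = {"900150983cd24fb0d6963f7d28e17f72": (3, "file.exe")}  # md5("abc")
    return sweep([root], constructed_iocs)


if __name__ == "__main__":
    for path, digest, listed_name in sweep(DROP_DIRS) or demo():
        print(f"{path}  {digest}  (listed as {listed_name})")
```

A hit on one of the listed hashes is a confirmation, not a clean bill of health when there is none: the samples above are only the variants this site recorded, and a repacked dropper will hash differently, which is why the page recommends a full anti-malware scan rather than a hash check alone.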