BKDR_PLUGX.SME

BKDR_PLUGX.SME is a primary component of the PlugX Trojan, a module-based backdoor Trojan that compromises your PC's security with a backdoor vulnerability (along with several spyware-related functions). Typical BKDR_PLUGX.SME infections are the result of opening a malicious Word document that can be detected as TROJ_ARTIEF.LWO. Because e-mail remains the most common method of distributing malicious text files like TROJ_ARTIEF.LWO, SpywareRemove.com malware researchers recommend that you stop and contemplate the consequences before you open a seemingly 'safe' file blindly. BKDR_PLUGX.SME uses code injection to conceal itself and remains active even any obvious symptoms. Thus, as is true for most backdoor Trojans, deleting BKDR_PLUGX.SME should rely on anti-malware software preferentially.

Every Little Reason to Stop Your PC from Plugging into BKDR_PLUGX.SME

BKDR_PLUGX.SME is just the first of a total of four major files in a typical PlugX infection that's installed through Adobe Acrobat or Microsoft Office-based exploits. After being installed by TROJ_ARTIEF.LWO (a malicious text document), BKDR_PLUGX.SME is responsible for installing three other PlugX-related files, including BKDR_PLUGX.BUT. Once its installation is completed by BKDR_PLUGX.SME, PlugX injects its code into svchost.exe (which is a standard Windows component). BKDR_PLUGX.SME then deletes itself to avoid detection, although the rest of the PlugX infection will remain on your computer and commence in its attacks.

Some mentionable 'features' that are displayed in various modules for PlugX include (although SpywareRemove.com malware analysts note that this isn't an exhaustive list):

• Spyware functions, such as recording keyboard input, capturing video or taking screenshots.
• Granting remote attackers the ability to alter your Registry, delete files, open programs, upload/download information and control which applications can function (at both the Registry level and via control over memory processes).
• Forcing a reboot, logging the current user off or even locking down the workstation.

Other PlugX-related functions can be used for a range of attacks, such as recruiting your PC into a botnet or installing other forms of malicious applications.

Unplugging BKDR_PLUGX.SME and Every Other PlugX Component

If BKDR_PLUGX.SME completes its installer routine, BKDR_PLUGX.SME will delete itself. However, BKDR_PLUGX.SME's payload should be removed from your computer through anti-malware software, along with all Registry and other system changes. Failure to do this promptly grants criminals the ability to access and control your computer with minimal effort, and may result in compromises to personal information or even damage to your PC.

However, SpywareRemove.com malware research team notes that it's much easier simply to avoid BKDR_PLUGX.SME rather than try to delete PlugX. Watch for suspicious e-mail messages that ask you to open unusual file attachments, particularly for files that use PDF or DOC formats. Deleting these e-mail messages, unopened, is the surest way to prevent BKDR_PLUGX.SME and the rest of PlugX from ever getting a grip on your computer and its contents.

Technical Details