Overview -
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Aliases
Backdoor.LittleWitch
Backdoor.LittleWitch.B (Symantec)
Characteristics -
This threat is rated Low risk and is profiled in the Tech Live article "Wicked Code Emerges for Halloween".
There are many variants of this remote access trojan, so this description is meant as a guide. When this trojan is run it may copy itself to the WINDOWS SYSTEM (%SysDir%) directory as Rundll.exe. The following registry key is created to load the trojan at startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Rundll=Rundll.exe
Other registry keys may include: 
HKEY_CURRENT_USER\Software\Msn\Date=%Date_Run% 
HKEY_LOCAL_MACHINE\Rundll=Rundll.exe 
The trojan sends an ICQ pager notification to the author/configurator. This provides the attacker with the necessary information to connect to the compromised system remotely. A .DAT file is created to store trojan information, %WinDir%\usr.dat. 
Once infected, a remote attacker can connect to the compromised system to perform various tasks, such as: 
Chat 
FTP functions 
Retrieve logged keystrokes 
Retrieve cached passwords 
Open/close CD-ROM door 
Retrieve configured email account information 
Retrieve system information (CPU speed, RAM, drive space, etc.)
Open a remote command console 
Swap mouse buttons 
Open URLs 
Hide/Show 
Kill processes 
Change screen resolution 
Capture screen shots 
Play sounds 
Shutdown/restart Windows 
Symptoms - 
TCP port 31320 left open (listening).
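As an added example (not part of the original description), a small Python check that applies the indicators above to a `reg export` dump and `netstat -an` output. Both inputs are constructed samples; the registry match is deliberately exact on Rundll.exe so that the legitimate rundll32.exe does not trigger a false positive.

```python
# Indicators from the description above; the reg export and netstat text are constructed samples.
TROJAN_PORT = 31320  # written as 31,320 above; netstat prints it as 31320
RUNSERVICES = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"
OTHER_VALUES = {r"HKEY_CURRENT_USER\Software\Msn": "Date", r"HKEY_LOCAL_MACHINE": "Rundll"}
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Rundll"="Rundll.exe"
"Control"="rundll32.exe shell32.dll,Control_RunDLL"

[HKEY_CURRENT_USER\Software\Msn]
"Date"="01/01/2000"
'''
SAMPLE_NETSTAT = """  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31320          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1043        192.0.2.20:80          ESTABLISHED
"""

def parse_reg_export(text):  # 'reg export' text -> {key: {value_name: data}}, string values only
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            reg.setdefault(current, {})
        elif current and line.startswith('"') and '"=' in line:
            name, data = line[1:].split('"=', 1)
            reg[current][name] = data.strip('"')
    return reg

def registry_hits(reg):  # persistence entries from the description that are present
    hits = []
    data = reg.get(RUNSERVICES, {}).get("Rundll", "")
    if data.lower() == "rundll.exe":  # exact name: the legitimate rundll32.exe must not match
        hits.append(RUNSERVICES + "\\Rundll=" + data)
    for key, name in OTHER_VALUES.items():
        if name in reg.get(key, {}):
            hits.append(key + "\\" + name + "=" + reg[key][name])
    return hits

def listening_hits(netstat_text):  # local endpoints LISTENING on the trojan port
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if (len(parts) >= 4 and parts[0] == "TCP" and parts[3] == "LISTENING"
                and parts[1].rsplit(":", 1)[-1] == str(TROJAN_PORT)):
            hits.append(parts[1])
    return hits
```

On a live host the same functions can be fed the output of `reg export HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices out.reg` and `netstat -an`.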
Method of Infection - 
Trojans often come disguised as a desired program, but they do not propagate on their own. Once the trojan is run, it installs itself on the local system, and allows a remote attacker to perform various functions. 
Manual Removal Instructions
Delete the registry key(s) as mentioned above
Restart the computer
Delete the files mentioned above
If this does not work, try starting your PC in safe mode and then use Registry Mechanic to repair your registry.