WinSATAN Backdoor Detection

This script is Copyright (C) 2000-2016 Julio Cesar Hernandez


Synopsis :

A backdoor is installed on the remote Windows host.

Description :

WinSATAN is installed. This backdoor allows anyone to partially take
control of the remote system. An attacker may use it to steal your
password or prevent your system from working properly.

Solution :

Use regedit and find 'RegisterServiceBackUp' in
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
The value's data is the path of the file. If you are infected by
WinSATAN, then the registry value is named 'fs-backup.exe'.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Backdoors

Nessus Plugin ID: 10316 ()

Bugtraq ID:

CVE ID:

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial