WinSATAN Backdoor Detection

High Nessus Plugin ID 10316


A backdoor is installed on the remote Windows host.


WinSATAN is installed. This backdoor allows anyone to partially take
control of the remote system. An attacker may use it to steal your
password or prevent your system from working properly.


Use regedit and find 'RegisterServiceBackUp' in
The value's data is the path of the file. If you are infected by
WinSATAN, then the registry value is named 'fs-backup.exe'.

Plugin Details

Severity: High

ID: 10316

File Name: winsatan.nasl

Version: Revision: 1.24

Type: remote

Family: Backdoors

Published: 2000/01/04

Modified: 2016/05/26

Dependencies: 17975

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P