Aliases

Backdoor.Win32.Small.x (Kaspersky Lab) is also known as: Backdoor.Small.x (Kaspersky Lab), Backdoor.Trojan (Symantec),   BackDoor.Tiny.1087 (Doctor Web),   Backdoor:Win32/Small.X (RAV),   TROJ_SMALL.BB (Trend Micro),   BDS/Small.X (H+BEDV),   Win32:Trojano-104 (ALWIL),   BackDoor.Small.BV (Grisoft),   Backdoor.Small.X (SOFTWIN),   Backdoor Program (Panda),   Win32/Small.X (Eset)

Description added	Oct 20 2008
Behavior	Backdoor

• Technical details
• Payload
• Removal instructions

This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 1087 bytes in size.

The backdoor launches cmd.exe and redirects the standard input/ output to a socket which waits for an incoming connection on TCP port 47873. Once a remote malicious user connects via this port s/he can gain complete control over the victim machine.

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Use Task Manager to terminate the malicious program’s process.
2. Delete the original backdoor file (the location will depend on how the program originally penetrated the victim machine).
3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).