|Backdoor.Hacarmy.D is a Backdoor Trojan horse that gives an attacker control over a compromised computer.
When Backdoor.Hacarmy.D runs, it does the following:
Copies itself as %System%\ZoneLockup.exe.
Adds the value: "Winsock32driver"="ZoneLockup.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Attempts to connect to an IRC server at port 6667. If successful, it allows the remote attacker to perform some of the following actions:
- Download and execute files
- Terminate processes
- Steal system information, such as operating system information, system uptime, current user name, IP address, and host name
Automatic removal: Use antivirus (also check How To Remove section)Startup Optimizer to remove this adware from startup.