MoSucker is a powerful backdoor: a remote access tool used by hackers.
To remove this backdoor, it is enough to delete its file from the hard disk. Because the system was compromised by a backdoor, it should be checked for other infections, and its security settings (including logins and passwords) should be changed.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
When activated on an infected system, the backdoor allows more than one hacker to connect to the system and to perform the following actions:
1. Control the server - configure, restart, remove, close
2. Open/close the CD-ROM tray
3. List and kill processes
4. Shut down/restart a system
5. Log activities and control mouse and keyboard
6. Upload, download, run, rename or move files
7. List, create, remove directories
8. Control Windows interface: pop up start menu, minimize all windows, show/hide system tray, hide/show Start button, change wallpaper, change resolution, change system colors, flip screen, get opened windows list
9. Copy/read text from clipboard
10. Open/close chat session
11. The administrator of a backdoor server can control other users' rights for the server
12. Play sound files
13. Create log file of backdoor activities
14. Send text to a printer
15. Get OS system type and version
16. Modify Windows Registry
17. Update server from Internet
18. Change date and time
19. Show picture
20. Steal user's ICQ info
21. Get information about user's local and network drives
22. Show message boxes
23. Notify a hacker when infected user is on-line
24. Get general information about infected system
The backdoor renames NETSTAT.EXE to NETSTAT.OLD when it is first activated and renames the file back when it is uninstalled. The backdoor can also install itself on the system by modifying startup keys in the Registry or INI files.
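A triage check for the two file-based traces described above, added here as an example and not taken from the original description or from F-Secure: it reports directories where NETSTAT.OLD is present and lists INI autostart values for review. The win.ini load=/run= and system.ini shell= entries are the classic Windows INI autostart locations and are an assumption, since the description does not say which entries MoSucker uses; Registry startup keys are not covered.

```python
import os

# Classic INI autostart values on Windows 9x/NT: (section, keys). General
# knowledge, an assumption here: the page does not name the entries used.
INI_AUTOSTART = {"win.ini": ("windows", ("load", "run")),
                 "system.ini": ("boot", ("shell",))}

def _listing(directory):
    """Map lower-cased names to paths (Windows file names ignore case)."""
    try:
        return {n.lower(): os.path.join(directory, n) for n in os.listdir(directory)}
    except OSError:
        return {}

def netstat_renamed(directories):
    """Return (directory, exe_missing) for each directory holding NETSTAT.OLD."""
    hits = []
    for d in directories:
        files = _listing(d)
        if "netstat.old" in files:
            hits.append((d, "netstat.exe" not in files))
    return hits

def ini_autostart_entries(windows_dir):
    """Return (file, key, value) for each autostart value that needs review."""
    found = []
    files = _listing(windows_dir)
    for ini, (wanted, keys) in INI_AUTOSTART.items():
        if ini not in files:
            continue
        section = ""
        with open(files[ini], encoding="latin-1") as fh:
            for raw in fh:
                line = raw.strip()
                if line.startswith("["):
                    section = line.strip("[]").lower()
                    continue
                key, sep, value = line.partition("=")
                key, value = key.strip().lower(), value.strip()
                if not sep or section != wanted or key not in keys or not value:
                    continue
                if key == "shell" and value.lower() == "explorer.exe":
                    continue  # default shell with nothing appended
                found.append((ini, key, value))
    return found

if __name__ == "__main__":
    windir = os.environ.get("WINDIR", r"C:\WINDOWS")
    print(netstat_renamed([windir, os.path.join(windir, "System32")]))
    print(ini_autostart_entries(windir))
```

A NETSTAT.OLD hit with NETSTAT.EXE missing matches the rename described above; every returned INI value still needs manual review, because legitimate software also uses these entries.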