From the doc: 'allows to bypass the outbound protection of a Personal Firewall in order to establish a remote connection. BackStealth is executed within the memory space allocated to your Firewall and thus does not appear to be a separate process. Such 'Stealth' technique gives it full rights for access to the web, completely transparent and independant from all other applications. It connects to: and downloads the file saving it as: C:etrieve.dat The utility will have no problem at all in accessing the web without any filter being applied from the firewall. The user, monitoring open connections will notice that the action seems to be carried out by the firewall itself!'
BackDoor-ANE [McAfee]security risk named W32/BackStealth11.A [F-Prot]
backstealth.exe
backdll.dll