Event ID - 1012

Port No: 1012
Service Name: DOLY
RFC Doc: 0
Protocol: TCP
Description: AVAILABLE IN DATABASE. This server-side backdoor program is a variant of the Doly backdoor. It is coded in Visual Basic 5.0. It requires the MSWINSCK.OCX and FS.OCX files to be installed on an infected computer in order to execute properly. Once executed, it remains active in memory and functions as a server-side backdoor. It gives a remote user running the client side control over an infected system.

This backdoor carries a destructive payload of formatting an infected system's Drive C:\.
Reference Link: DOLY
Attack Solution:

Click Start > Run, type REGEDIT.EXE then hit the Enter key.
Double-click the following and delete the registry key “Ms tesk”:
HKEY_USERS\Default\Software\Microsoft\Windows\CurrentVersion\Run
Double-click the following:
HKEY_USERS\Default\Software\Mirabilis\ICQ\Agent\Apps\Ava
Delete the following entries:
Enable
Parameters
Path
Startup
Exit the Registry.
Restart your system in MS-DOS mode and delete the MDM.EXE file from the Windows startup folder, which by default is C:\%windows%\Start Menu\Programs\StartUp\.
Scan your system with Trend antivirus and delete all files detected as BKDR_DOLY15.B. To do this, Trend customers must download the latest pattern file and scan their system. Other email users may use HouseCall.
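
As an added example (not part of the original entry or of any vendor tool), the Python code below checks a text registry export for the entries named in the steps above, so the cleanup can be verified before and after editing. It assumes a REGEDIT4-style export, that "Ms tesk" is a value name under the Run key, and that an export may spell the hive subkey ".Default"; the function name and the sample export are constructed for illustration.

```python
import re

# Indicators taken from the removal steps above.
RUN_KEY = r"HKEY_USERS\Default\Software\Microsoft\Windows\CurrentVersion\Run"
AVA_KEY = r"HKEY_USERS\Default\Software\Mirabilis\ICQ\Agent\Apps\Ava"
AVA_VALUES = {"enable", "parameters", "path", "startup"}

def _norm(key):
    # Case-insensitive compare. Assumption: an export may write the subkey as ".Default".
    return key.strip().lower().replace("\\.default\\", "\\default\\")

def find_doly_entries(reg_text):
    """Return sorted (key, value_name) pairs in a .reg export that match the indicators."""
    hits, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:  # section header: remember which key the following values belong to
            current = _norm(m.group(1))
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=', line)
        if not m or current is None:
            continue
        name = m.group(1)
        if current == _norm(RUN_KEY) and name.lower() == "ms tesk":
            hits.append((RUN_KEY, name))
        elif current == _norm(AVA_KEY) and name.lower() in AVA_VALUES:
            hits.append((AVA_KEY, name))
    return sorted(hits)

# Constructed sample export (not from a real system); data values are placeholders.
SAMPLE = r'''REGEDIT4

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Ms tesk"="C:\\PLACEHOLDER\\example.exe"

[HKEY_USERS\.Default\Software\Mirabilis\ICQ\Agent\Apps\Ava]
"Enable"="Yes"
"Path"="C:\\PLACEHOLDER"

[HKEY_USERS\.Default\Software\Mirabilis\ICQ\Agent\Apps\ICQ]
"Enable"="Yes"
'''

if __name__ == "__main__":
    for key, name in find_doly_entries(SAMPLE):
        print(f"{key} -> {name}")
```

An empty result after the registry edits means none of the listed entries remain in the export; the MDM.EXE file and the antivirus scan still have to be handled separately.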
