Port No | 1030 |
Service Name | KWM |
RFC Doc | 0 |
Protocol | TCP |
Description | This backdoor program is similar to the Back Orifice and the Subseven malware that consist of a server program and a client program. It uses the server program to infect target systems and uses the client program to control the computer infected with the server program from a remote location. |
Reference Link | KWM Trojan |
Attack | SOLUTION : 1.Delete the BODY.LG file from the Windows directory 2.Delete the PHOTO.JPG file in the root directory of the Hard Drive C:\. 3.Click Start>Run, type Regedit then hit the Enter key. 4.Double click the following: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion 5.In the right panel, look for the following registry entries under value and delete these:CmdID SystemNumber 6.Close the Registry. 7.Click Start>Run, type SYSTEM.INI then hit the enter key 8.Look for the following lines. %Windows% is usually the C:\Windows directory: [boot] shell = Explorer.exe %Windows%\Netcfgw.exe 9.Delete the %Windows%\Netcfgw.exe so that the above lines should finally appear as follows:[boot] shell = Explorer.exe 10.Save and exit SYSTEM.INI. 11.Restart your system. 12.Scan your system with Trend Micro antivirus and then delete all files detected as BKDR_KWM.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.