Event ID - 1034

Port No: 1034
Service Name: Backdoor.KWM
RFC Doc: 0
Protocol: TCP
Description: This backdoor program is similar to the Back Orifice and the Subseven malware that consist of a server program and a client program. It uses the server program to infect target systems and uses the client program to control the computer infected with the server program from a remote location.
Reference Link: Backdoor.Latinus
Attack: SOLUTION:

1. Delete the BODY.LG file from the Windows directory.
2. Delete the PHOTO.JPG file in the root directory of the hard drive C:\.
3. Click Start>Run, type Regedit, then hit the Enter key.
4. Double-click the following:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
5. In the right panel, look for the following registry entries under value and delete these:
CmdID
SystemNumber
6. Close the Registry.
7. Click Start>Run, type SYSTEM.INI, then hit the Enter key.
8. Look for the following lines. %Windows% is usually the C:\Windows directory:
[boot]
shell = Explorer.exe %Windows%\Netcfgw.exe
9. Delete the %Windows%\Netcfgw.exe so that the above lines finally appear as follows:
[boot]
shell = Explorer.exe
10. Save and exit SYSTEM.INI.
11. Restart your system.
12. Scan your system with Trend Micro antivirus and then delete all files detected as BKDR_KWM.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner.
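
Steps 8 and 9 can be checked and applied on a copy of SYSTEM.INI with a short script. This is an added example, not part of the original page: the function names are hypothetical, the sample file is constructed, and it assumes shell= entries are whitespace-separated with no spaces in paths.

```python
# Constructed sample; C:\Windows stands in for the page's %Windows%.
SAMPLE_INFECTED = r"""; constructed SYSTEM.INI for illustration
[boot]
shell = Explorer.exe C:\Windows\Netcfgw.exe
system.drv=system.drv
[386Enh]
device=*vshare
device=*vcd
shell = ignored.exe
"""

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def _walk(ini_text):
    """Yield (section, key, value, raw_line); key is None for non key=value lines."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        if "=" in line and not line.startswith((";", "[")):
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip(), raw
        else:
            yield section, None, None, raw

def extra_shell_programs(ini_text):
    """Programs on [boot] shell= other than Explorer.exe (step 8)."""
    # Assumption: entries are whitespace-separated and paths contain no spaces.
    for section, key, value, _ in _walk(ini_text):
        if section == "boot" and key == "shell":
            return [p for p in value.split() if _basename(p) != "explorer.exe"]
    return []

def remove_from_shell(ini_text, program="netcfgw.exe"):
    """Drop `program` from [boot] shell=, leaving every other line as-is (step 9)."""
    out = []
    for section, key, value, raw in _walk(ini_text):
        if section == "boot" and key == "shell":
            kept = [p for p in value.split() if _basename(p) != program.lower()]
            raw = "shell = " + " ".join(kept)
        out.append(raw)
    return "\n".join(out) + "\n"
```

The parser walks the file line by line instead of loading it into a dictionary, so repeated keys such as device= in [386Enh] are preserved and a shell= line outside [boot] is left untouched.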
