Port No | 10520 |
Service Name | AcidShivers |
RFC Doc | 0 |
Protocol | TCP |
Description | [trojan] Acid Shivers |
Attack |
Step 1. Click START | RUN, type REGEDIT and hit ENTER.
Step 2. In the left window, click the "+" (plus sign) to the left of the following: HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion Run
Step 3. In the right window, look for a registry key with a Name value of "Explorer" and a Data value that loads the "msgsvr16.exe" file. This is the registry key that provides the ability to load the server portion of the trojan whenever the PC is started.
Step 4. In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
Step 5. In the left window, click the "+" (plus sign) to the left of the following: HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion RunServices
Step 6. In the right window, look for a registry key with a Name value of "Explorer" and a Data value that loads the "msgsvr16.exe" file. This is a second registry key that provides the ability to load the server portion of the trojan whenever the PC is started.
Step 7. In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
Step 8. Exit the Registry.
Step 9. Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.
Step 10. After the computer has restarted, change to the WINDOWS directory (e.g. CD WINDOWS) and delete the "msgsvr16.exe" file (e.g. DEL msgsvr16.exe).
Step 11. Press CTRL-ALT-DEL and allow Windows to restart. |