| Port No | 10666 |
| Service Name | Ambush |
| RFC Doc | 0 |
| Protocol | UDP |
| Description | Ambush 1.0 is a Visual Basic trojan. The client is very similar to the BO client. |
| Reference Link | 2000 Cracks Trojan |
| Attack | It autoloads the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: ZKA It does the following : Delete file Execute file Get drives Get drive info Get info Open/Close Cd-Rom Ping server Reboot Set webpage Upload file View file Removal : 1.Remove the ZKA key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program 2. Reboot the computer or close Zcn32.exe 3. Delete the trojan file Zcn32.exe in the windows directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.