Event ID - 1080

Port No1080
Service NameWinHole
RFC Doc0
ProtocolTCP
DescriptionWorks on Windows 95 and 98.
Reference LinkWinHole Trojan
AttackIt autoloads the Registry:
HLM\System\CurrentControlSet\Services\VxD\ HLM\Software\Qbik Software\WinGate\

File :
Winhole.zip - 402,311 bytes Winhole.zip - 402,656 bytes Mmtask.exe - 349,696 bytes Regedit.exe - 105,984 bytes Vmload.vxd - 10,843 bytes

It does the following :
Remote Access
A trojanized version of Wingate proxy server. Mmtask.exe is a copy of the legitimate WinGate server packed with the compressor UPX.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.