Port No | 12349 |
Service Name | BioNet |
RFC Doc | 0 |
Protocol | TCP |
Description | BioNet 0.84 is a trojan that is troublesome to remove once it has infected a system. Upon infection, it writes to wininit.ini so that explorer.exe is replaced with explorer.e after rebooting. This means that if you reboot after being infected with this trojan, your explorer.exe has the trojan bound to it. The only way to remove it is to reboot into MS-DOS and replace your explorer.exe with the correct version. Be aware that it might infect AWADRP32.EXE, MKCOMPAT.EXE and RNAAP.EXE. |
Reference Link | BioNet Trojan |
Attack | It autoloads from the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: WinLibUpdate. It does the following: capture screen; download/upload files; execute files; file manager; hide/show Start button; open/close CD-ROM; send message box; send to URL; set mouse position; shut down or reboot Windows; trace mouse position; terminate applications. Removal: 1. Remove the WinLibUpdate key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program. 2. If the computer has been rebooted since infection, reboot into MS-DOS mode and replace explorer.exe with the normal explorer.exe, or reinstall Windows completely. 3. Reboot the computer or close cdeztks.exe. 4. Delete the trojan files cdeztks.exe and linupdate.exe in the Windows directory. |