Event ID - 1243

Port No: 1243
Service Name: SubSeven
RFC Doc: 0
Protocol: TCP
Description: This is the one that started it all for SubSeven. The first public release was on February 28th, 1999. It is very unlikely that anyone still uses this version.
Reference Link: SubSeven
Attack: It autoloads. Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: SystemTrayIcon

Features:

Disable keyboard
Download/upload
File explorer
Flip screen
FTP server
Get cached passwords
Get info on computer
Hide/move mouse
Hide/show start button/taskbar
ICQ notify
Keylog
Message manager
Open browser
Open/close cdrom
Play wav
Record sound
Send question
Set volume
Set wallpaper
Show image
Start/stop speaker
Update server
View/disable x/focus/close applications

Fix:
Remove the SystemTrayIcon key in the registry located at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\. This can be done with any text editing program.
Reboot the computer or close the trojan.
Delete the trojan file SysTrayIcon.exe in the Windows directory.
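
The checks and cleanup from the Fix steps above can be scripted. This is an added example, not part of the original entry. The function name and the -Remove switch are hypothetical; it assumes a Windows host with PowerShell and, for the port check, the Get-NetTCPConnection cmdlet.

```powershell
# Added example: looks for the three SubSeven indicators this entry names.
# Function and parameter names are hypothetical; the Run value name, the file
# name and the port number are taken from the entry.
function Test-SubSevenIndicators {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Remove   # also delete the Run value and the file when found
    )

    $runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $valueName = 'SystemTrayIcon'
    $filePath  = Join-Path $env:windir 'SysTrayIcon.exe'
    $port      = 1243

    # 1. Autoload entry under the Run key ($null when the value is absent)
    $runValue = (Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue).$valueName

    # 2. Trojan file in the Windows directory
    $fileFound = Test-Path -LiteralPath $filePath -PathType Leaf

    # 3. Process listening on TCP 1243 (skipped where the cmdlet is missing)
    $listeners = @()
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
    }

    if ($Remove) {
        # Same order as the Fix steps: registry entry first, then the file.
        if ($null -ne $runValue -and $PSCmdlet.ShouldProcess("$runKey\$valueName", 'Remove Run value')) {
            Remove-ItemProperty -Path $runKey -Name $valueName
        }
        if ($fileFound -and $PSCmdlet.ShouldProcess($filePath, 'Delete file')) {
            Remove-Item -LiteralPath $filePath -Force
        }
    }

    # Report what was found before any removal took place
    [pscustomobject]@{
        RunValue     = $runValue
        FilePresent  = $fileFound
        ListenerPids = @($listeners | ForEach-Object { $_.OwningProcess } | Sort-Object -Unique)
    }
}

Test-SubSevenIndicators
```

Run it from an elevated prompt, and use `-Remove -WhatIf` to preview the changes. Deleting the file fails while the process is still running, which is why the Fix steps reboot or close the trojan first.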
