Port No | 1272 |
Service Name | TheMatrix |
RFC Doc | 0 |
Protocol | TCP |
Description | The Matrix 1.03 is a Polish trojan. Because the client is a mix of Polish and English, we could not determine all of the features. The server's registry key, file name and port number can be changed prior to infection. The registry key and the file name always match each other, however: if the file name is iamatrojan.exe, then the registry key will be iamatrojan. |
Reference Link | TheMatrix |
Attack | Autoloads from the registry. Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Key: Encrypt. Features: chat; disable/enable CTRL-ALT-DEL; file manager; get passwords; hide/show clock; hide/show start button; key logger (online only); Matrix code on/off; open/close CD-ROM; send to URL; system crash; view/kill process. Fix: Remove the Encrypt key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program. Reboot the computer or close Encrypt.exe. Delete the trojan file Encrypt.exe in the Windows directory. |