| Port No | 13473 |
| Service Name | Chupacabra |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Chupacabra 1.0 is a Visual Basic 5 trojan. This trojan has a format feature, we don't know if this feature actually works. Chupacabra is rather old and does not have many features so, this trojan is probably not used much. |
| Reference Link | Chupacabra Trojan |
| Attack | It autoloads the Registry: Registry and win.ini It does the following : Close, logoff or reboot windows Delete file Disable/enable CTRL-ALT-DEL Format computer Get ICQ user Get time Hide/show task bar Send message Start screensaver Removal : 1.Remove the System Protect key in the registry located at HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersionRun and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program. 2. Open the win.ini(Usually c:\windows\win.ini) and remove the key: run=winprot.exe and load=winprot.exe under [Windows], this can be done with any text editing program. 3. Reboot the computer or close winprot.exe. 4. Delete the trojan file winprot.exe in the windows system directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.