Port No | 1441 |
Service Name | Remote Storm |
RFC Doc | 0 |
Protocol | TCP |
Description | Remote Windows Shutdown is not Remote Storm 1.2 has some unseen features. It is nice because it is not destructive; on the other hand, it is scary. It can display a fake formatting of the server. This fake format can be configured to start as soon as the dialog is shown or when the server hits the X button. It can also display fake illegal operation messages (that look exactly the same as the real ones, except you can't hit Details more than once). It can also be configured so that, if the program named in the fake illegal operation message is actually running, Remote Storm will close it. The server also infects Windows NT/2000 computers. |
Reference Link | Remote Storm |
Attack | It autoloads. Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: WinManager. Features: Click any one of three mouse buttons; Click start menu; Display illegal operation; Enable/Disable clipboard; Enable/Disable double click; Exit windows; Fake format; File manager; Key logger; Minimize all windows; Open/Close Cd-Rom; Send message; Send text; Send to URL; Server setup; Set computer name; Set resolution; Show/Hide task bar; Start screen saver; Swap mouse buttons; View/close running windows. Fix: Remove the WinManager key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program. Reboot the computer or close DllRun.exe. Delete the trojan files DllRun.exe and DllCount.sys in the Windows system directory. |
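A read-only check for the artifacts named in the Fix above, as an added example that is not part of the original entry. The function name `Test-RemoteStormIndicators` is hypothetical, and it assumes that "windows system directory" means `System32`, `System` or (on 64-bit Windows) `SysWOW64`, and that a 32-bit server on 64-bit Windows would write to the `Wow6432Node` view of the Run key.

```powershell
# Added example: reports Remote Storm artifacts listed in this entry; changes nothing.
function Test-RemoteStormIndicators {
    $findings = @()

    # Autoload entry: a value named WinManager under the Run key.
    # Assumption: the Wow6432Node view is checked too, for 32-bit code on 64-bit Windows.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $run = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($run -and ($run.PSObject.Properties.Name -contains 'WinManager')) {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$key\WinManager"; Detail = $run.WinManager }
        }
    }

    # Trojan files DllRun.exe and DllCount.sys in the Windows system directory.
    # Assumption: which directory that is depends on the Windows version, so all are checked.
    foreach ($dir in 'System32', 'System', 'SysWOW64') {
        foreach ($name in 'DllRun.exe', 'DllCount.sys') {
            $path = Join-Path (Join-Path $env:SystemRoot $dir) $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $file = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
                $findings += [pscustomobject]@{ Type = 'File'; Item = $path; Detail = $file.LastWriteTime }
            }
        }
    }

    # The server process the Fix says to close before deleting the files.
    foreach ($p in @(Get-Process -Name 'DllRun' -ErrorAction SilentlyContinue)) {
        $findings += [pscustomobject]@{ Type = 'Process'; Item = "PID $($p.Id)"; Detail = $p.Path }
    }

    # A listener on TCP 1441 is only a hint: other software may use the same port.
    foreach ($c in @(Get-NetTCPConnection -State Listen -LocalPort 1441 -ErrorAction SilentlyContinue)) {
        $findings += [pscustomobject]@{ Type = 'Listener'; Item = "$($c.LocalAddress):1441"; Detail = "PID $($c.OwningProcess)" }
    }

    return $findings
}

Test-RemoteStormIndicators | Format-Table -AutoSize
```

An empty result means none of the listed artifacts were found; any `RunValue`, `File` or `Process` row points at an item the Fix above tells you to remove.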