| Port No | 1492 |
| Service Name | FTP99cmp |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | The install of this trojan says HackCity FTP Coponant. We are not sure if HackCity really did this but its possible because its lame. All FTP99cmp is, is a simple serv-u ftp program with a custom setup. |
| Reference Link | FTP99cmp Trojan |
| Attack | It autoloads the Registry: HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run Key: WinDLL_16 It does the following : All the features that can be found in the Serv-u FTP server Removal : 1.Remove the WinDLL_16 key in the registry located at HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run. Which can be done with regedit or any other registry editing program. 2. Reboot the computer or close the msrun running in the memory. 3. Delete the trojan files windll16.exe and the Serv-u.ini in the Windows System directory(Usually c:\windows\system). |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.