Port No | 170 |
Service Name | A-Trojan |
RFC Doc | 0 |
Protocol | TCP |
Description | A-Trojan 1.5 is a Portuguese trojan. We had to translate the client with an online service, so it may not be correct. This trojan does have a few destructive features, such as deleting critical files. |
Reference Link | A-Trojan TCP |
Attack | It autoloads from the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: Rundll16

It does the following: Capture screen; Change registered window owner; Change sound properties; Change title bar of IE; Chat with server; Close server; Control mouse; Delete autoexec.bat, config.ini, command.com or favorites; Destroy floppy; Destroy everything (?); Disable/Enable Menu; Disable/Enable Task bar; Fill hard drive; FTP server; Get cached passwords (?); Get information; Hide/Show Task bar; Make mouse go crazy; Monitor on/off; Open/Close CD-Rom; Print various ASCII art or text; Remove server; Restart computer; Send commands; Send message; Send to URL; Start/stop beeps; View running applications (?)

Removal:
1. Remove the Rundll16 key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program.
2. Reboot the computer or close rundll16.exe.
3. Delete the trojan file rundll16.exe in the windows directory and MdiHole.exe, MsDecay.scr, Msvsrv.exe and watching.dll in the windows system directory. |