| Port No | 1807 |
| Service Name | Spy Sender |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Spy Sender 0.65 beta is a trojan from 1998. This trojan has very few features and sometimes installs WAR-FTP server, which can be seen running. When the server is first run, while it is copying itself to the windows directory, it says "Illegal operation at C1092:1209. Possible Cause: Bad Exe file. Please reinstall this application. Program terminated.". Note that the Spy Sender server does not run until you reboot your computer. Even though this trojan is from 1998, it still appears to be developed |
| Reference Link | Spy Sender |
| Attack | It Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: RunDll95
Features: File manager FTP server Logoff or shutdown windows Run file Screen capture Fix: Remove the Rundll95 key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program. Reboot the computer or close Rundll95.exe. Delete the trojan file Rundll95exe in the windows directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.