Port No | 1981 |
Service Name | Bowl |
RFC Doc | 0 |
Protocol | TCP |
Description | Bowl 1.0 is a small server controlled by a telnet client. Because this trojan has no GUI and no special features, it is probably not used much. Before sending the program, the person distributing it can decide whether to password-protect the server and whether the server infects the recipient. |
Reference Link | Bowl Trojan |
Attack | It autoloads from the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, Key: NetworkPopup. It does the following: Beep; Close server; Download file; Freeze server; Get system info (IP address, computer name, logged user, Windows version); Kill process or service; List/delete files (basically a file manager); Password protect server; Run file; Screen on/off (can't do anything but reboot); Show error message; Shutdown Windows; Swap mouse buttons; View text files. Removal: 1. Remove the NetworkPopup key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, which can be done with regedit or any other registry editing program. 2. Reboot the computer or close netpopup.exe. 3. Delete the trojan netpopup.exe in the Windows directory. |