| Port No | 1 |
| Service Name | Sockets des Troie |
| RFC Doc | 0 |
| Protocol | UDP |
| Description | This worm hooks Windows socket functions, allowing it to propagate via email and prevent users from visiting certain Internet sites. To propagate via email message, it monitors email activity on the infected machine. It sends a corresponding message to the same recipient for every message that is sent through the infected machine. It sends email with no subject or message body, but with a copy of itself as attachment. |
| Reference Link | Sockets des Troie trojan port |
| Attack | SOLUTION : AUTOMATIC REMOVAL INSTRUCTIONS To automatically remove this malware from your system, please refer to the Trend Micro Damage Cleanup Services. MANUAL REMOVAL INSTRUCTIONS Restoring WSOCK32.DLL 1.First, locate WININIT.INI. On Windows 9x/NT a.Click Start>Find>Files and Folders. b.In the Named input box, type: WININIT.INI c.In the Look In drop-down list, select the drive which contains Windows, then press Enter. On Windows 2000/ME/XP a.Click Start>Search>For Files and Folders. b.In the Search for files and folders named input box, type: WININIT.INI c.In the Look In drop-down list, select the drive which contains Windows, then press Enter. 2.If the above file is found: a.Delete it. b.The presence of the WININIT.INI file means that the Worm has not patched WSOCK32.DLL. In this case, you must locate the WSOCK32.MTX file and delete it. 3.Otherwise: a.Obtain a clean copy of WSOCK32.DLL from a similar Windows system or from your Windows installer. b.Restart in MS-DOS mode. c.Type the following commands hitting the Enter key after every line: Cd\ Cd Windows attrib mtx_.exe –h attrib Ie_pack.exe –h attrib Win32.dll –h d.Delete the created files with the following commands. Hit the Enter key after every line: Del MTX_.EXE –H Del LE_PACK.EXE –H Del WIN32.DLL –H e.Restart your system normally. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.