Port No | 20001 |
Service Name | Millenium |
RFC Doc | 0 |
Protocol | TCP |
Description | Millenium 1.0 is a simple Visual Basic trojan. It can infect Windows NT if you have a c:\windows directory. When removing it from Windows NT you only have to remove the Registry entry. The server can be password protected, but you can simply move the dialog box asking for the password out of the way and use all the features without knowing the password. Note that the server rewrites its autoload information when it closes, so you must remove the server before removing the autoload information. |
Reference Link | Millenium Trojan |
Attack | Autoload: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: Millenium; Win.ini: run=c:\windows\system\reg66.exe under [windows]. It does the following: Chat with server; Config server; Control NetBus; Disable/Enable Alt-Ctrl-Del; File manager; Hang up connection; Open/Close CD-Rom; Screen; Send keys; Send message; Shutdown, restart, logoff, restart in MS-DOS. Removal: 1. Remove the Millenium key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program. Also remove the run=c:\windows\system\reg66.exe line under [windows] in win.ini, which can be done with any text editing program. 2. Reboot the computer or close reg66.exe. 3. Delete the trojan file reg66.exe in the Windows system directory. |