Port No | 20002 |
Service Name | Acid koR |
RFC Doc | 0 |
Protocol | TCP |
Description | Acid koR is a Visual Basic trojan based on Acid Shivers. Acid koR, unlike Acid Shivers, does not use a random port. Telnet is used to control the Acid koR server. |
Reference Link | Acid koR Trojan |
Attack | It autoloads through the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Key: Explorer, and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, Key: Explorer. It does the following: file features; get information; open/close CD-ROM; send message box; transfer file; view/kill processes. Removal: 1. Remove the Explorer key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, which can be done with regedit or any other registry editing program. 2. Reboot the computer or close Msgsvr64.exe. 3. Delete the trojan file Msgsvr64.exe in the Windows directory. |