Port No | 2040 |
Service Name | The Invasor |
RFC Doc | 0 |
Protocol | UDP |
Description | The Invasor is an old trojan. In the version we have, the readme says to run the server on yourself so that The Invasor will work. So probably more people have infected themselves than have infected others. |
Reference Link | The Invasor |
Attack | It autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: SystemDLL32. Features: Delete win.com; File manager; Format computer; Get ICQ password; Get passwords; Get screen shot; Open/Close CD-ROM; Play sound; Send message; Shutdown computer. Fix: (1) Remove the SystemDLL32 key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program. Remember the value of SystemDLL32 so you can actually delete the trojan in step 3. (2) Reboot the computer or close the trojan file listed in the SystemDLL32 key. (3) Delete the trojan file that is listed in the SystemDLL32 key in the Windows directory. |