Event ID - 21544

Port No21544
Service NameMaverik
RFC Doc0
ProtocolTCP
DescriptionMaverik's Matrix 1.0 was created from GirlFriend's source code. The only changes made to the GirlFriend source code was their name added in the client.
Reference LinkMaverik Trojan
AttackIt autoloads the Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: Wincfg.exe

It does the following :
Get cached passwords
File manager
Remove server
Send message

Removal :
1. Remove the Wincfg.exe key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program.
2. Reboot the computer or close Wincfg.exe.
3. Delete the trojan file Wincfg.exe in the windows directory.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh