| Port No | 22222 |
| Service Name | Ruler |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Ruler 1.3's server displays a fake error message when run saying "This file was corrupted |
| Reference Link | Ruler |
| Attack | It Autoloads: Registry: HKEY_USERS\.Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: Win32Dll Features: Chat with server Get info IP Scanner Monitor on/off Open/Close CD-Rom Run program Send message Set wallpaper View folders Fix: Remove the Win32Dll key in the registry located at HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program. Reboot the computer or close Windll.exe. Delete the trojan file Windll.exe in the windows directory |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.