Event ID - 23032

Port No: 23032
Service Name: BackDoor-II.svr
RFC Doc: 0
Protocol: TCP
Description: This backdoor gives an attacker or other remote user access to an infected system. It follows a client-server model: the server component runs on the victim and listens on a TCP port, and the client connects to that port. Once the connection is established, the client sends commands that the server executes on the infected host. The program was written in Visual Basic 6.0, so it needs the MSWINSCK.OCX Winsock control and the MSVBVM60.DLL runtime library present on the infected system in order to run.
Reference Link: BackDoor-II.svr
Attack Solutions:

Run regedit and delete the value "Winstart" (data: %path%\%filename%) from the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Scan the system with Trend antivirus and delete all files detected as BKDR_AMANDA.A; Trend customers must first download the latest pattern file and then scan their system. Other users may use Trend HouseCall, a free online virus scanner. Because the backdoor stays resident in memory, terminate the process that owns the TCP 23032 listener (or reboot) after removing the files and the Run value, then confirm with netstat -ano that nothing is still listening on that port.

Details:

This backdoor is disguised as a paint file. On execution it displays the bogus error message below while installing itself in memory.

Title: Error
Message Body: Error Loading Paint File

It runs as a service process that does not appear in the task list. It adds the following registry entry so that it is started at logon:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Winstart = %path%\%filename%
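The two host indicators this page gives, a TCP listener on 23032 and the "Winstart" value under the Run key, can be checked offline from artifacts collected on the host. The script below is an added example written for this page, not code from the original entry or from any vendor tool: it parses the text of `netstat -ano` and `reg query` output, reports each indicator, and treats the port alone as weak evidence because any service can own a port and the listening port is the attacker's choice. The sample netstat and registry output, the PID 3180 and the executable path are constructed placeholders, not real captures.

```python
"""Offline triage for the BackDoor-II / BKDR_AMANDA.A host indicators:
a TCP listener on 23032 and a Run-key value named "Winstart".
Input is the text of `netstat -ano` and `reg query` output collected
from the host. The samples below are constructed, not real captures."""
import re

# Constructed `netstat -ano` output; PID 3180 and all addresses are invented.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:23032          0.0.0.0:0              LISTENING       3180
  TCP    192.168.1.10:23032     192.168.1.55:51922     ESTABLISHED     3180
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1204
"""

# Constructed output of:
#   reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
# The Winstart path is a placeholder standing in for the page's %path%\%filename%.
REG_SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Winstart    REG_SZ    C:\WINDOWS\system32\paintsvc.exe
"""

BACKDOOR_PORT = 23032
RUN_VALUE_NAME = "Winstart"


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts  # UDP rows carry no state column
            state = ""
        else:
            continue  # malformed row: skip rather than guess
        # rsplit on the last colon keeps bracketed IPv6 addresses intact
        local_ip, local_port = local.rsplit(":", 1)
        rows.append({"proto": proto, "local_ip": local_ip,
                     "local_port": int(local_port), "foreign": foreign,
                     "state": state, "pid": int(pid)})
    return rows


def find_listeners(rows, port):
    """PIDs holding a TCP socket in LISTENING state on `port`, in order, deduplicated."""
    pids = []
    for r in rows:
        if r["proto"] == "TCP" and r["state"] == "LISTENING" and r["local_port"] == port:
            if r["pid"] not in pids:
                pids.append(r["pid"])
    return pids


# Value rows of `reg query` are indented: <name>  <REG_type>  <data>
_REG_VALUE = re.compile(r"^\s{2,}(\S+)\s+(REG_[A-Z_]+)\s+(.*?)\s*$")


def parse_run_values(text):
    """Map value name -> data for the output of `reg query ...\\Run`."""
    values = {}
    for line in text.splitlines():
        m = _REG_VALUE.match(line)
        if m:
            values[m.group(1)] = m.group(3)
    return values


def triage(netstat_text, reg_text, port=BACKDOOR_PORT, value_name=RUN_VALUE_NAME):
    """Combine both indicators. A listener on the port alone is weak evidence,
    so the verdict requires the persistence value too; both pieces are still
    reported so an analyst can chase a lone hit by hand."""
    rows = parse_netstat(netstat_text)
    listener_pids = find_listeners(rows, port)
    run_value = parse_run_values(reg_text).get(value_name)
    return {
        "listener_pids": listener_pids,
        "run_value": run_value,
        "suspicious": bool(listener_pids) and run_value is not None,
    }


if __name__ == "__main__":
    print(triage(NETSTAT_SAMPLE, REG_SAMPLE))
```

On a live host the same check is `netstat -ano | findstr :23032` followed by `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Winstart`; the PID reported by netstat is the process to terminate before deleting the file the Run value points to.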
