Port No | 23032 |
Service Name | BackDoor-II.svr |
RFC Doc | 0 |
Protocol | TCP |
Description | This backdoor hacking tool enables a hacker or remote user access to an infected system. It works on the Client-Server principle. The Server side listens to a port where the Client side connects to. When a connection is established, the Client sends commands to the Server so that these are executed. This program has been created in Visual Basic 6.0 and thus requires a MSWINSCK.OCX file and a MSVBM60.DLL runtime library installed in the infected system to execute properly. |
Reference Link | BackDoor-II.svr |
Attack | Solutions: Run regedit and delete the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\RunWinstart=%path%\%filename Scan your system with Trend antivirus and delete all files detected as BKDR_AMANDA.A. To do this, Trend customers must download the latest pattern file and scan their system. Other email users may use Trend HouseCall, a free online virus scanner. Details: This backdoor hacking tool is disguised as a paint file. Upon the execution, it displays the below bogus error message while it installs itself in memory. Title: Error Message Body: Error Loading Paint File It functions as a service process invisible in the task list. It adds the following registry entries: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunWinstart=%path%\%filename% |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.