Event ID - 2331

Port No2331
Service Nameagentview
RFC Doc0
ProtocolTCP
DescriptionAGENTVIEW
IRC Contact
Reference LinkMore Information
AttackName:IRC Contact

Server Features
1. Get information
2. Logoff, power off, reboot or shutdown windows
3. View/close windows

Comments:
IrcContact 1.0 is a IRC bot trojan. This means that the "hacker" connects to your computer via IRC. IrcContact is configured with a edit server program before it is sent out. This edit server programs allows IrcContact to join any IRC server and channel the "hacker" desires.

How To Remove:
1. Remove the System32Ex key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program.
2. Reboot the computer or close System32Ex.exe.
3. Delete the trojan file System32Ex.exe in the windows directory.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.