Port No | 25685 |
Service Name | MoonPie |
RFC Doc | 0 |
Protocol | TCP |
Description | MoonPie 1.0 is a German trojan. We tried our best to translate all of the features. When we tested MoonPie 1.0, the server wrote to the registry; however, it did not copy itself to winsys.exe in the Windows system directory. This means that this version probably does not work once you reboot your computer. |
Reference Link | MoonPie Trojan |
Attack | It autoloads via the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, key: WinSys. Features: change Windows colors; disable/enable CTRL-ALT-DEL; file manager; get information; hide/show Start button; hide/show sys tray; open/close CD-ROM; ping; registry manager; send message; send to URL. Removal: 1. Remove the WinSys key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program. 2. Reboot the computer or close winsys.exe. 3. Delete the trojan file winsys.exe in the Windows system directory if it exists. |