Port No | 25 |
Service Name | Kuang |
RFC Doc | 0 |
Protocol | TCP |
Description | Kuang2 is a small trojan that emails passwords. The server has the SMTP server and email address configured before being sent to you. |
Reference Link | Kuang Trojan |
Attack | It autoloads the Registry: HKEY_USERS\.Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: WebAccelerator and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: Tem$1.task It does the following : Email passwords Removal : 1.Remove the WebAccelerator key in the registry located at HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run and Temp$1.task key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. This can be done with regedit or any other registry editing program. 2. Reboot the computer or close M_webcache_.exe or Temp$1.exe. 3. Delete the trojan files _webcache_.exe, Temp$1.exe in the windows system directory and TEMP$1.EXE in the windows directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.