Event ID - 3000

Port No3000
Service NameTHIEF
RFC Doc0
ProtocolTCP
DescriptionThis is the server component of the version 1.35a of the backdoor program, Theef. If installed on a system, it enables a hacker running the client component control overe its infected system.
Reference LinkTHIEF
AttackSolution:
Click Start>Run, type Regedit then hit the Enter key.
In the left panel of the Registry Editor, double click the registry key:
HKEY_LOCAL_MACHINE
In the right panel, look for and then delete the value:
Window = “c:\windows\system\Window.exe”
In the left panel, double click the registry keys:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows
>CurrentVersion>Run
On the right panel, look for and then delete the value:
Window = “c:\windows\system\Window.exe”
Close the Registry Editor window.
Restart your computer.
Scan your system with Trend antivirus and delete all files detected as TROJ_THF135A.SRV. To do this Trend customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.