| Port No | 3067 |
| Service Name | W32.Korgo.F |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | W32.Korgo.F is a minor variant of W32.Korgo.E. It is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP ports 113, 3067, and other random ports. |
| Reference Link | Port Number:3067 Service Name:W32.Korgo.F Port:TCP |
| Attack | According to Symantec Removal using the W32.Korgo Removal Tool Symantec Security Response has developed a removal tool to clean infections of W32.Korgo.F. Use this removal tool first, as it is the easiest way to remove this threat. Manual Removal The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines. 1.Disable System Restore (Windows Me/XP). 2.Update the virus definitions. 3.Restart the computer in Safe mode or VGA mode. 4.Run a full system scan and delete all the files detected as W32.Korgo.F. 5.Reverse the changes made to the registry. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.