Port No | 31557 |
Service Name | Xanadu |
RFC Doc | 0 |
Protocol | TCP |
Description | Xanadu 1.1 is a trojan from 1999. Xanadu is sent as a setup package (setup.ini, setup.ins, etc.); however, all the files except setup.exe (the trojan server) are 0 kilobytes. |
Reference Link | Xanadu |
Attack | Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, Key: Setup. Features: Change pc name; Change resolution; Change various policies; Change volume; Crazy mouse on/off; File manager; Get cached passwords; Get info; Get screen saver password; Get/set clipboard; Hide/show cursor; Hide/show desktop; Hide/show task bar; Key logger; Open/close CD-ROM; Print text; Registry manager; Send keys; Send message; Send to URL; Show picture; Swap mouse buttons; View/close processes. Fix: Remove the SETUP key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, which can be done with regedit or any other registry editing program. Reboot the computer or close SETUP.exe. Delete the trojan file SETUP.exe in the Windows directory. |