Port No | 31788 |
Service Name | HackATack.120 |
RFC Doc | 0 |
Protocol | TCP |
Description | This backdoor malware allows a remote user to access an infected PC. |
Reference Link | HackATack.120 |
Attack | Solutions: Follow this registry path and delete the entry Explorer32 = %WinDir%\Expl32.EXE (%WinDir% is usually the C:\Windows directory): HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\. Scan your system with Trend Micro antivirus and delete all files detected as BKDR_HACKTACK.B and the dropped file, "EXPL32.EXE". To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.
Details: This backdoor malware consists of two parts, the client program and the server program. The server program allows a remote user to control the infected PC, while the client program, once executed, can log in to the server program and remotely control the PC. This backdoor malware acts as the server program: it drops the file "Expl32.EXE" in the Windows folder and then modifies the registry so that the dropped file is run every time Windows starts. The registry entry "Explorer32" is added at: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Explorer32 = %WinDir%\Expl32.EXE. Once the file is loaded in memory, the process runs invisibly in the background.
With this backdoor malware the remote user can perform any of the following on the infected computer: manipulate the CD-ROM drive; make sounds at the speaker; view the victim's monitor; change the taskbar settings; control the mouse of the victim; send ICQ messages and emails; steal ICQ password; browse using the default browser; disconnect the victim from a dial-up connection; shut down, reboot, power off, or log off the victim; manipulate/run files; chat with the victim. |