Port No | 31792 |
Service Name | Backdoor.HackTack |
RFC Doc | 0 |
Protocol | TCP |
Description | This application, once executed, modifies the registry and drops a file, Expl32.exe, which is the server portion of a tool named “Hack'a'Tack.” The application was created by Da SuckA & The Bart33. |
Reference Link | Backdoor.HackTack |
Attack | Solution: Please use caution while removing this backdoor malware. If the procedure described below is not followed correctly, unexpected results may occur.
1. Click START>RUN, type REGEDIT, then hit the ENTER key.
2. In the left panel, click the "+" to the left of each of the following, in order: HKEY_LOCAL_MACHINE, Software, Microsoft, Windows, CurrentVersion, Run.
3. In the right panel, search for the registry key with the name "Explorer32" and the data value "c:\Windows\Expl32.exe". This is the registry key that allows your computer to load the server portion of the backdoor malware whenever you reboot.
4. In the right window, highlight the registry key that loads the file and press the DELETE key. Click on “YES” to delete the entry.
5. Exit the registry.
6. Click START>SHUTDOWN>"Restart in MS-DOS mode", then click OK.
7. After the computer has restarted, the default directory should be c:\WINDOWS. If it is not, type "CD C:\WINDOWS". Then delete the Expl32.exe file.
8. Press CTRL+ALT+DEL and allow Windows to restart.
9. Scan your system with Trend Micro antivirus and delete all files detected as BKDR_HACKTACK.C. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. |