| Port No | 31 |
| Service Name | Agent 31 |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This backdoor malware allows hackers to access to machines running its server component. This server component, when executed, opens ports 11831 and 29559 and executes commands subsequently received through these ports. The server also modifies the registry so that it is executed on Windows startup. Another component of this backdoor called the client is used on the hacker side of the connection. This component is used to remotely connect to the server component on the infected machine and send commands. Using the client, a remote user may manipulate files on infected machine and even log keystrokes made on this machine. |
| Reference Link | Agent 40421 Trojan |
| Attack | SOLUTION : Identifying the Malware Program Before proceeding to remove this malware, first identify the malware program. Scan your system with Trend Micro antivirus and NOTE all files detected as . To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner. Terminating the Malware Program This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier. 1.Open Windows Task Manager. On Windows 9x/ME systems, press CTRL+ALT+DELETE On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, and click the Processes tab. 2.In the list of running programs*, locate the malware file or files detected earlier. 3.Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system. 4.Do the same for all detected malware files in the list of running processes. 5.To check if the malware process has been terminated, close Task Manager, and then open it again. 6.Close Task Manager. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.