Port No | 37 |
Service Name | BD Lithium 1.0 |
RFC Doc | 0 |
Protocol | TCP |
Description | This signature detects Backdoor Lithium 1.0 activity. |
Reference Link | Port Number:37 Service Name:BD Lithium 1.0 Port:TCP |
Attack | According to Symantec Resolution: It is strongly recommended that an AntiVirus scan be conducted and all files associated with this backdoor be deleted prior to manually removing the backdoor from the registry.

To delete the value from the registry:

WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

a. Click Start, and then click Run. (The Run dialog box appears.)
b. Type regedit, then click OK. (The Registry Editor opens.)
c. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
d. In the right pane, delete any of the following values:
   "Registry Services" = "C:\WINDOWS\SYSTEM\Registry32.exe"
   "Shell32" = "Iexplorer.exe"
   "Windows Root Account" = "Root32.exe"
e. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
f. In the right pane, delete any of the following values:
   "Windows Root Account" = "Root32.exe"
   "Shell32" = "Shell32.com"
g. Exit the Registry Editor. |