Port No | 4444 |
Service Name | Prosiak |
RFC Doc | 0 |
Protocol | TCP |
Description | This is the server component of a backdoor program that compromises network security. It gives a remote hacker access to and control over the infected computer. It opens default port numbers 12345 and 44444 and then waits for connections from the client program. Thereafter, it displays a message as follows and then displays a hoax message: |
Reference Link | Prosiak Trojan |
Attack |
SOLUTION:
1. Close the server editor program.
2. Delete the server editor program file.
3. Click Start>Run, type regedit then hit the Enter key.
4. In the left panel, double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RConfig
5. In the right panel, look for and then delete this registry entry: "Microsoft DLL Loader"
6. In the left panel, double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
7. In the right panel, look for and then delete this registry entry: "Microsoft DLL Loader"
8. Close the Registry.
9. Restart your system.
10. Click Start>Find/Search>Files or folders. Look for and then delete the MSJET32.EXE file from the System directory usually located at C:\Windows\System.
11. Scan your system with Trend Micro antivirus and delete all files detected as BKDR_POSIAK.61.C. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. |