| Port No | 49683 |
| Service Name | Fenster |
| RFC Doc | 0 |
| Protocol | UDP |
| Description | Troj/Fenster will cause the display to go blank after a few minutes The Trojan copies itself to the system directory as the file rundll16.exe, and the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run will be updated so that the Trojan is executed every time Windows is started up. |
| Reference Link | More Information |
| Attack | Name:Fenster How To Remove: 1. In Windows NT/2000 you will also need to delete the following registry key. The removal of this key is optional in Windows 95/98/Me. 2. At the Windows taskbar, select Start|Run. Type 'Regedit' and press return. The registry editor will open. 3. Before you edit the registry, you should make a backup. In the Registry menu, click on Export Registry File, in Export Range select All, then save your registry as Backup. 4. Locate the HKEY_LOCAL_MACHINE key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ and delete any entry calling the file rundll16.exe. 5. Close the Registry Editor and restart your computer. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.