| Port No | 5025 |
| Service Name | WM Remote Keylogger |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | WM Remote Keylogger is a Visual Basic key logging trojan. When the server is ran it registers the Visual Basic runtime file Mswinsck.ocx. |
| Reference Link | WM Remote Keylogger |
| Attack | Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: GetRightKey Features: Key logger Fix: Remove the GetRightKey key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program. Reboot the computer or close IMAGEM.EXE. Delete the trojan file IMAGEM.EXE in the windows system directory |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.