Event ID - 50551

Port No50551
Service NameR0xr4t
RFC Doc0
ProtocolTCP
DescriptionR0xR4t is a Brazilian backdoor Trojan affecting Microsoft Windows operating systems. The backdoor server, server.exe, opens either TCP port 5050 or 60552 on the victim machine by default. It also modifies the Windows registry to ensure that it gets run at system start up.
A remote attacker can use the R0xR4t client, R0xR4t.exe, to gain unauthorized access to the victim system. The attacker can use the client to upload/download files, execute files, and manipulate the file system, among other things.
Reference LinkMore INformation
AttackName:R0xr4t

R0xr4t Removal Instructions

1. Kill the following processes
editserver.exe,
r0xr4t.exe,
server.exe

2. Remove the following files
editserver.exe,
icons.icl,
leiame.txt,
r0xr4t.exe,
server.exe.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.