Event ID - 50552

Port No: 50552
Service Name: R0xr4t
RFC Doc: 0
Protocol: TCP
Description: R0xR4t is a Brazilian backdoor Trojan affecting Microsoft Windows operating systems. The backdoor server, server.exe, opens either TCP port 5050 or 60552 on the victim machine by default. It also modifies the Windows registry to ensure that it runs at system startup.
A remote attacker can use the R0xR4t client, R0xR4t.exe, to gain unauthorized access to the victim system. The attacker can use the client to upload/download files, execute files, and manipulate the file system, among other things.
The R0xR4t Trojan includes a keystroke logger that can be used to record all user keystrokes. The keystroke data is saved to a hidden file, which the attacker can download and review to obtain confidential information. Most versions of R0xR4t also act as FTP servers and notifiers.
Attack Name: R0xr4t

R0xr4t Removal Instructions

1. Kill the following processes:
editserver.exe
r0xr4t.exe
server.exe

2. Remove the following files:
editserver.exe
icons.icl
leiame.txt
r0xr4t.exe
server.exe
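
The following PowerShell triage script is an added example, not part of the original removal instructions or any vendor tooling. It checks the ports, process names and file names listed on this page before anything is removed. The search roots and the Run registry keys are assumptions, since the page does not say where the files are dropped or which registry value is modified. It requires Windows 8 / Server 2012 or later for Get-NetTCPConnection.

```powershell
# Added triage example, not vendor code. Ports and file names are taken from
# this page; the search roots and Run keys are assumptions.
$Remediate = $false      # set to $true only after reviewing the report
$ports = 5050, 60552, 50552
$names = 'editserver.exe', 'r0xr4t.exe', 'server.exe'
$files = $names + 'icons.icl', 'leiame.txt'
$roots = $env:SystemRoot, $env:TEMP, $env:APPDATA
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# 1. Listeners on the listed ports, resolved to the owning process image.
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.LocalPort } |
    ForEach-Object {
        $p = Get-CimInstance Win32_Process -Filter "ProcessId=$($_.OwningProcess)"
        [pscustomobject]@{
            Port      = $_.LocalPort
            ProcessId = $_.OwningProcess
            Name      = $p.Name
            Path      = $p.ExecutablePath
            NameMatch = $names -contains $p.Name
        }
    }

# 2. Any process with a listed name ('server.exe' is generic, so review paths).
$procs = Get-CimInstance Win32_Process |
    Where-Object { $names -contains $_.Name } |
    Select-Object ProcessId, Name, ExecutablePath

# 3. Listed files on disk, hidden ones included.
$found = Get-ChildItem -Path $roots -Include $files -File -Recurse -Force `
    -ErrorAction SilentlyContinue | Select-Object FullName, Length, LastWriteTime

# 4. Run-key values that reference a listed executable.
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$autoruns = foreach ($k in $runKeys) {
    (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match $pattern } |
        Select-Object @{ n = 'Key'; e = { $k } }, Name, Value
}

# Report for review before remediating.
$listeners | Format-Table; $procs | Format-Table; $found | Format-Table; $autoruns | Format-List

# 5. Stop and delete only processes that match on both name and port.
if ($Remediate) {
    foreach ($c in ($listeners | Where-Object NameMatch)) {
        Stop-Process -Id $c.ProcessId -Force
        if ($c.Path) { Remove-Item -LiteralPath $c.Path -Force }
    }
}
```

Findings from steps 2 to 4 that are not tied to a listening port are reported only, so they can be checked by path before manual removal.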
