Port No | 5333 |
Service Name | Backage |
RFC Doc | 0 |
Protocol | TCP |
Description | Backage is a small French trojan. This trojan has a client similar to SubSeven's. |
Reference Link | Backage Trojan |
Attack | It autoloads via system.ini, win.ini and the registry. It does the following: chat with server; disable/enable ALT-CTRL-DEL; get information; get screen shot; hide/show task bar; lock screen on/off; open/close CD-Rom; reboot Windows; run file; send keys; send message; send to URL; set mouse position; swap mouse buttons; view list of open windows. Removal: 1. Remove the Internet Explorer Plugin key in the registry located at HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices. Also remove the SystemKernel32 key in the registry at HKEY_USERS\.Default\Software\Win\RUN. This can be done with regedit or any other registry editing program. 2. Open system.ini (usually c:\windows\system.ini) and change the key shell=Explorer.exe WinStop32.exe under [boot] to shell=explorer.exe. This can be done with any text editing program. 3. Open win.ini (usually c:\windows\win.ini) and remove the key run=WinStop32.exe under [Windows]. This can be done with any text editing program. 4. Reboot the computer or close WinStop32.exe. 5. Delete the trojan file WinStop32.exe in the Windows directory. |
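The check behind removal steps 2 and 3, as an added example that is not part of the original entry: it parses the text of system.ini and win.ini and reports every program started from `shell=` under `[boot]` (other than explorer.exe) or from `run=` under `[Windows]`, which is broader than matching WinStop32.exe alone. The function names and the sample file contents are constructed for illustration, and the registry keys from step 1 are not covered.

```python
import re

EXPECTED_SHELL = {"explorer.exe"}  # the only program step 2 leaves on shell=

def parse_ini(text):
    """Return {section: {key: value}} with lower-cased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def autostart_findings(system_ini, win_ini):
    """List (file, section, key, program) for each unexpected autostart entry."""
    findings = []
    shell = parse_ini(system_ini).get("boot", {}).get("shell", "")
    for prog in shell.split():  # assumes program paths without spaces
        if prog.lower().rsplit("\\", 1)[-1] not in EXPECTED_SHELL:
            findings.append(("system.ini", "boot", "shell", prog))
    run = parse_ini(win_ini).get("windows", {}).get("run", "")
    for prog in re.split(r"[,\s]+", run):
        if prog:
            findings.append(("win.ini", "windows", "run", prog))
    return findings

# Constructed sample contents mirroring the entries named in steps 2 and 3.
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe WinStop32.exe\n\n[386Enh]\nkeyboard=*vkd\n"
SAMPLE_WIN_INI = "; constructed sample\n[Windows]\nrun=WinStop32.exe\n"
CLEAN_SYSTEM_INI = "[boot]\nshell=explorer.exe\n"
CLEAN_WIN_INI = "[Windows]\nrun=\n"

if __name__ == "__main__":
    for finding in autostart_findings(SAMPLE_SYSTEM_INI, SAMPLE_WIN_INI):
        print("%s [%s] %s= -> %s" % finding)
```

On a real host, pass the contents of the two files read from the Windows directory; an empty result for both files means steps 2 and 3 have nothing left to remove.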