Port No | 5534 |
Service Name | The Flu |
RFC Doc | 0 |
Protocol | TCP |
Description | This backdoor malware, written in Borland Delphi, enables a remote hacker to execute files on a target computer. By default it connects over Transmission Control Protocol (TCP) port 5534. |
Reference Link | THEFLU |
Attack | Solution: Click Start>Run, type SYSEDIT, then hit the ENTER key. Click the "System.ini" window. Look for the [boot] section and check the contents of the "shell=" line. Modify the line and remove this entry: "Kernel32.exe". For example, if the data contained in the line is "explorer.exe Kernel32.exe", after editing, the data should only be "explorer.exe". Save and close the registry. Restart your system. Click Start>Run, type EXPLORER.EXE, then hit the ENTER key. Open the %Windows% folder and delete the KERNEL32.EXE file. Scan your system with Trend Micro antivirus and delete all files detected as BKDR_THEFLU.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. |