Event ID - 5742

Port No: 5742
Service Name: Wincrash
RFC Doc: 0
Protocol: TCP
Description: This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Attack Name: Wincrash

When installed on a Microsoft Windows system, this backdoor Trojan horse program lets others gain full access to the system through a network connection. Backdoor.Wincrash is divided into 2 parts: a client and a server. Both applications are capable of running under Windows 95, 98, and NT 4.0. The client application running on one computer might be used to monitor and control a second computer running the server application.
The port number through which the client controls the server is configurable. However, as long as the port is blocked by a firewall, this Trojan horse cannot infiltrate the server. It does not matter whether the TCP or UDP protocol is implemented. There have not been any reports of this program breaking through a firewall.

How To Remove:
1. Kill the following processes:

backdoor-m.svr.exe, client.exe, w32win,1.exe, wincrash.exe, wincrash-e.exe, wpc - wincrash password cracker.exe

2. Remove the following files:

backdoor-m.svr.exe, client.exe, setup.pkg, w32win,1.exe, wincrash-e.exe, wincrash.exe, wincrash.rtf, wincrash.tb, wincrash2.hlp, wincrash_english.rtf, wpc - wincrash password cracker.exe, _setup.1, _setup.lib.
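
Because the server's port is configurable, a check on port 5742 alone can miss a running server. The Python sketch below is an added example, not part of the original page: it correlates listening TCP sockets with the process names from the removal list. The `netstat -ano` and `tasklist /fo csv /nh` sample outputs are constructed, and all function and variable names are hypothetical.

```python
import csv
import re
# Process image names from the removal list above, lowercased for comparison.
WINCRASH_NAMES = {
    "backdoor-m.svr.exe", "client.exe", "w32win,1.exe", "wincrash.exe",
    "wincrash-e.exe", "wpc - wincrash password cracker.exe",
}
LISTED_PORT = 5742  # port this page lists; the server's port is configurable
# Constructed sample data in the assumed `netstat -ano` / `tasklist /fo csv /nh` layouts.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0       LISTENING     884
  TCP    0.0.0.0:5742     0.0.0.0:0       LISTENING     2312
  TCP    0.0.0.0:31000    0.0.0.0:0       LISTENING     2440
  TCP    10.0.0.5:49822   10.0.0.9:443    ESTABLISHED   3100
"""
SAMPLE_TASKLIST = """\
"svchost.exe","884","Services","0","9,120 K"
"notepad.exe","2312","Console","1","4,004 K"
"WinCrash.exe","2440","Console","1","2,816 K"
"chrome.exe","3100","Console","1","88,412 K"
"""

LISTEN_RE = re.compile(r"\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)")

def listeners(netstat_text):
    """Return (pid, port) pairs for TCP sockets in the LISTENING state."""
    matches = (LISTEN_RE.match(line) for line in netstat_text.splitlines())
    return [(int(m.group(2)), int(m.group(1))) for m in matches if m]

def processes(tasklist_csv):
    """Map PID to image name from CSV-formatted tasklist output."""
    rows = csv.reader(tasklist_csv.splitlines())
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def findings(netstat_text, tasklist_csv):
    """Return sorted (pid, image, port, reason) tuples for listeners to review."""
    names = processes(tasklist_csv)
    hits = []
    for pid, port in listeners(netstat_text):
        image = names.get(pid, "unknown")
        if image.lower() in WINCRASH_NAMES:
            hits.append((pid, image, port, "listed process name"))
        elif port == LISTED_PORT:
            hits.append((pid, image, port, "listening on listed port"))
    return sorted(hits)

if __name__ == "__main__":
    print(findings(SAMPLE_NETSTAT, SAMPLE_TASKLIST))
```

A name match on a non-default port and a port match under an unrelated name are both only leads for review; `client.exe` in particular is a common file name.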
