Event ID - 5889

Port No5889
Service NameY3KRT
RFC Doc0
ProtocolTCP
DescriptionThis is the server side version 1.2 of the Y3K backdoor hacking tool. It had been created in Borland Delphi and compressed in Aspack. It allows a remote user/attacker connection and access to an infected system. It compromises network security.
Reference LinkY3KRT
AttackSolution:
Click Start>Run, type REGEDIT.EXE then hit the Enter key.
Double click the following and then delete the registry run key “Nvarch16”:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows >CurrentVersion>Run
Double click the following and delete the registry key General:
HKEY_LOCAL_MACHINE>Software>Microsoft>General
Exit the Registry and then reboot your system Scan your system with Trend antivirus and delete all files detected as BKDR_Y3KRT.B.SVR. To do this, Trend customers must download the latest pattern file and scan their system. Other email users may use HouseCall

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.