| Port No | 6400 |
| Service Name | The thing |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | The thing 1.1 is a small trojan written in Borland C++. This trojan's only purpose is to upload a file and then run it. This could be used to upload a more powerful trojan. |
| Reference Link | The thing |
| Attack | It Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: (Default) Features: Get windows directory Kill server Run program Upload program Fix: Write down the value in the (Default) key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and then set it to nothing. Also delete the WSASRV.EXE key in the registry located at: HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\SessionManager\Known16DLLs. Which can be done with regedit or any other registry editing program. Reboot the computer or close the trojan file listed in (Default). Delete the trojan file listed in (Default) |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.