Port No | 65530 |
Service Name | Windows Mite |
RFC Doc | 0 |
Protocol | TCP |
Description | This memory-resident backdoor program allows a remote hacker access to an infected system. It appears as a Windows registry checker program, SCANREGW.EXE, in an infected system. It compromises network security. |
Reference Link | WINMITE |
Attack | Solution: Manual Removal Instructions
1. Run REGEDIT.EXE and delete the below registry entries:
   HKEY_LOCAL_MACHINE\Software\Microsoft DirectOpenGLDirectX=dword:00000000
   HKEY_LOCAL_MACHINE\Software\Microsoft\DirectOpenGL SettingsAPPID=dword:0000fffa
2. Click Start|Shutdown|Restart in MS-DOS mode.
3. Obtain a copy of SCANREGW.EXE from a clean backup or from a clean system. Copy the file to a clean diskette.
4. In the command prompt, type the following to change from the current drive to A:
   A:
5. Copy the clean SCANREGW.EXE to the Windows directory. Type the following, pressing the enter key after every line:
   copy scanregw.exe c:\windows
   If asked to overwrite, press Y. If successful, the following should be displayed:
   1 files copied
6. Type the below command and then press the enter key to return to Windows:
   exit
7. Scan your system with Trend antivirus and delete all other files detected as BKDR_WINMITE.10. To do this, Trend customers must download the latest pattern file and scan their system. Other email users may use Trend HouseCall, a free online virus scanner. |