Event ID - 8889

Port No8889
Service NameW32.Axatak
RFC Doc0
ProtocolTCP
DescriptionW32.Axatak is a password stealer that stores the stolen passwords in the file Axatak.is and then sends the file to the virus creator. The virus also allows unauthorized access to an infected computer on ports 8888 and 8889.
Reference LinkPort Number: 8889 Service Name:W32.Axatak Port:TCP
AttackAccording to Symantec

Resolution:
NOTE: These instructions are for all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
1. Update the virus definitions, run a full system scan, and delete all files that are detected as W32.Axatak.
2. Delete the value
axataK %system%\.exe
from the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.