| Port No | 10101 |
| Service Name | Brain Spy |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Brain Spy is a trojan from 1999. Upon running BrainSpy removed Viruscan from the memory and deleted every viruscan file. |
| Reference Link | Brain Spy Trojan |
| Attack | It autoloads the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService key: Gbubuzhnw, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices key: Fexhqcux, HKEY_USERS\.Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key: Dualji It does the following : Chat with server Clipboard on/off Ctrl-Alt-Del on/off Double click on/off File manager Find file Hang up Hide/show taskbar Invert mouse buttons Keylogger on/off Open/close Cd-Rom Remove server Reset windows Upload/download file View/kill processes Removal : 1.Remove the Gbubuzhnw key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, Fexhqcux key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices and Dualji key at HKEY_USERS\.Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.Which can be done with regedit or any other registry editing program 2. Reboot the computer or close BRAINSPY .EXE. 3 Delete the trojan file BRAINSPY .EXE in the windows system directory |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.