| Port No | 1012 |
| Service Name | DOLY |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | AVIALABLE IN DATABASE This server side backdoor program is a variant of the Doly backdoor. It is coded in Visual Basic 5.0. It requires that the MSWINSCK.OCX file and the FS.OCX file are installed in an infected computer for it to execute properly. Once executed, it remains active in memory and functions as server side backdoor. It allows a remote user running its client side control over an infected system. This backdoor carries a destructive payload of formatting an infected system's Drive C:\. |
| Reference Link | DOLY |
| Attack | Solution: Click Start > Run, type REGEDIT.EXE then hit the Enter key. Double-click the following and delete the registry key “Ms tesk”: HKEY_USERS\Default\Software\Microsoft\Windows \CurrentVersion\Run Double-click the following: HKEY_USERS\Default\Software\Mirabilis \ICQ\Agent\Apps\Ava Delete the following entries: Enable Parameters Path Startup Exit the Registry. Restart your system in MS-DOS mode and delete the MDM.EXE file in the Windows startup folder that can be found in the C:\%windows%\Start Menu\Programs\StartUp\ by default. Scan your system with Trend antivirus and delete all files detected as BKDR_DOLY15.B. To do this, Trend customers must download the latest pattern file and scan their system. Other email users may use HouseCall |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.