Event ID - 1027

Port No1027
Service NameWin32 DSNX
RFC Doc0
ProtocolTCP
DescriptionThis backdoor program arrives via an email supposedly containing a link to a Windows update site. However, the link actually points to a Web site, which automatically downloads and installs this malware into the system.

Upon execution, it drops and then executes a copy of itself in the Windows system folder using any of the following filenames:

.exe
WIN.exe

It comes with a built-in Internet Relay Chat (IRC) client, which allows it to connect to an IRC channel. It connects to a predefined port and enables a remote user to perform the following actions:

Create a proxy server on the infected machine
Delete, download, execute, obtain the MD5 of, and upload files
Flood a specified IP address
Load program plugins
Log keystrokes
Perform a port scan on the local network
Perform basic IRC commands
Redirect TCP traffic in a port to a remote site
Terminate and uninstall the program
Visit URLs
Reference LinkWin32.DSNX
AttackSolution:

This procedure terminates the running malware process. You will need the name(s) of the file(s) detected earlier.
Open Windows Task Manager.
• On Windows 95, 98, and ME, press
CTRL+ALT+DELETE
On Windows NT, 2000, and XP, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the malware file(s) detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
Do the same for all detected malware files in the list of running processes.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.

*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.