| Port No | 1034 |
| Service Name | KWM |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | AVAILABLE IN DATABASE This backdoor program is similar to the Back Orifice and the Subseven malware that consist of a server program and a client program. It uses the server program to infect target systems and uses the client program to control the computer infected with the server program from a remote location. |
| Reference Link | KWM |
| Attack | Solutions: Delete the BODY.LG file from the Windows directory Delete the PHOTO.JPG file in the root directory of the Hard Drive C:\. Click Start>Run, type Regedit then hit the Enter key. Double click the following: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion In the right panel, look for the following registry entries under value and delete these: CmdID SystemNumber Close the Registry. Click Start>Run, type SYSTEM.INI then hit the enter key Look for the following lines. %Windows% is usually the C:\Windows directory: [boot] shell = Explorer.exe %Windows%\Netcfgw.exe Delete the %Windows%\Netcfgw.exe so that the above lines should finally appear as follows: [boot] shell = Explorer.exe Save and exit SYSTEM.INI. Restart your system. Scan your system with Trend Micro antivirus and then delete all files detected as BKDR_KWM.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.