Event ID - 1097

Port No: 1097
Service Name: Remote Administration Tool
RFC Doc: 0
Protocol: TCP
Description: Works on Windows 95, 98, ME and Unix [Linux and FreeBSD]. RAT server 1.1 has IRC support added. Send.tgz is the Unix client. Source code is available.
Reference Link: Remote Administration Tool Trojan
Attack: It autoloads via the Registry:
HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
and some 38 other entries!

It does the following:
1. Remote Access
2. AOL trojan
Can register under 40 different HKEYs.
