Event ID - 1150

Port No1150
Service Nameif
RFC Doc0
ProtocolTCP
DescriptionThis worm exploits certain vulnerabilities to propagate. It takes advantage of the following Windows vulnerabilities:
Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
IIS5/WEBDAV Buffer Overflow vulnerability
RPC Locator Vulnerability
Reference Linkif
AttackSolution

Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup. br>To remove the malware autostart entries:
Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Windows Communicator=”wincom.exe”
In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>
CurrentVersion>RunServices
In the right panel, locate and delete the entry or entries:
Windows Communicator=”wincom.exe”
Close Registry Editor.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.