| Port No | 12331 |
| Service Name | NETBUS |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This is the installer program for the Trojan NetBus Pro, a backdoor Trojan that enables a remote user control over an infected computer. It consists of a Server and the Client part. It installs the Server part, which Trend Micro detects as TROJ_NETBUS.B2, on target computers in a network and uses the Client part, which Trend Micro detects as TROJ_NETBUS.B1, to control the infected computer from a remote location. |
| Reference Link | NETBUS |
| Attack | Solution: Delete the following files in the System directory: ADIMAGE.DLL AMCIS2.DLL IPCCLIENT.DLL TFDE.DLL Click Start>Programs Look for and then right click NetBus Pro>Delete. Delete the NetBus Pro folder that was specified during the installation process. Click Start>Run, type Regedit then hit the Enter key. In the left panel, double click the following: HKEY_CURRENT_USER>Software >UltraAccess Networks Under the UltraAccess Networks key, look for and then delete the following key: NetBus Pro Double click the following: HKEY_LOCAL_MACHINE>Software>Net Solutions Under the Net Solutions, look for and then delete the following key: NetBus Scan your system and delete all files detected as TROJ_NETBUS.B3. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.