Event ID - 12345

Port No12345
Service NameNETBUS
RFC Doc0
ProtocolTCP
DescriptionAVLABLE IN DATABASE This is the installer program for the Trojan NetBus Pro, a backdoor Trojan that enables a remote user control over an infected computer. It consists of a Server and the Client part. It installs the Server part, which Trend Micro detects as TROJ_NETBUS.B2, on target computers in a network and uses the Client part, which Trend Micro detects as TROJ_NETBUS.B1, to control the infected computer from a remote location.
Reference LinkNETBUS
AttackSolution:
Delete the following files in the System directory:
ADIMAGE.DLL
AMCIS2.DLL
IPCCLIENT.DLL
TFDE.DLL
Click Start>Programs
Look for and then right click NetBus Pro>Delete.
Delete the NetBus Pro folder that was specified during the installation process.
Click Start>Run, type Regedit then hit the Enter key.
In the left panel, double click the following:
HKEY_CURRENT_USER>Software >UltraAccess Networks
Under the UltraAccess Networks key, look for and then delete the following key:
NetBus Pro
Double click the following:
HKEY_LOCAL_MACHINE>Software>Net Solutions
Under the Net Solutions, look for and then delete the following key:
NetBus
Scan your system and delete all files detected as TROJ_NETBUS.B3. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.