| Port No | 16484 |
| Service Name | MoSucker |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | MoSucker 1.0 is a Visual Basic trojan. It has a client with the same layout as SubSeven's client. |
| Reference Link | MoSucker Trojan |
| Attack | It autoloads the Registry: system.ini: shell=Explorer.exe unin0686.exe under [boot] It does the following : Beep Caps lock on/off Chat with victim Clipboard manager Close/Remove server Control mouse Crash System File manager Get passwords entered by user Get/Set screen resolution Get system info Go to URL Hide/Show start button Hide/Show system tray Hide/Show task bar Minimize all windows Open/Close CD-Rom Ping server Popup startmenu Print text Process manger Search for files Send message Shutdown/Reboot/Standby/Logoff/Dos mode server Systemkeys on/off Window manager Removal : 1.Change the shell=Explorer.exe unin0686.exe to shell=Explorer.exe under [boot] in the system.ini. Which can be done with any other text editing program 2. Reboot the computer or close unin0686.exe. 3. Delete the trojan file unin0686.exe in the windows directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.