| Port No | 1711 |
| Service Name | ROLWINDOWS |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This destructive batch file malware deletes files with the following extensions upon execution: LOG DOC XLS PPT It also disables the mouse and keyboard, displays message boxes and opens several windows, causing the system to hang. |
| Reference Link | ROLWINDOWS |
| Attack | Solution Windows Millennium Edition (ME) and Windows XP have a feature known as System Restore, which creates backups of certain files in the _Restore folder. The System Restore feature usually backs up files with EXE or COM extensions, which may include infected files and malware programs. Files in the _Restore folder are protected and can only be accessed using System Restore. This feature must be disabled first before Trend Micro antivirus can access and clean these files. The following procedure disables the System Restore feature: For Windows ME Right-click the My Computer icon on the Desktop and click Properties. Click the Performance tab. Click the File System button. Click the Troubleshooting tab. Select Disable System Restore. Click Apply > Close > Close. When prompted to restart, click Yes. Press F8 while the system restarts. Choose Safe Mode then hit the Enter key. After your system has restarted, continue with the scan/clean process. Files under the _Restore folder can now be deleted. Re-enable System Restore by clearing Disable System Restore and restarting your system normally. For Windows XP Log on as Administrator. Right-click the My Computer icon on the desktop and click Properties. Click the System Restore tab. Select Turn off System Restore. Click Apply > Yes > OK. Continue with the scan/clean process. Files under the _Restore folder can now be deleted. Re-enable System Restore by clearing Turn off System Restore. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.