Event ID - 17569

Port No: 17569
Service Name: Infector
RFC Doc: 0
Protocol: TCP
Description: This backdoor is version 20.B of the multi-feature Remote Access Tool (RAT) known as "Infector." It gives a remote attacker access to the infected machine and so compromises network security. The entry associates it with TCP port 17569.
Reference Link: Infector Trojan
Attack:

SOLUTION:
Identifying the Malware Program
To completely remove this malware from your system, you must first identify the running malware program. Once identified, it can be terminated and removed.
Scan your system with Trend Micro Antivirus and NOTE all of the files detected as BKDR_INFECTOR.C. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other users may use HouseCall, Trend Micro's free online virus scanner.

Terminating the Malware Program
Once the malicious program has been identified, you need to terminate it from memory. In this procedure, you will need the names of the file or files detected earlier as BKDR_INFECTOR.C. Note that the process name shown in Task Manager is normally the file name without its extension.
1.Open the Windows Task Manager.
On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC
On systems running Windows 9x/ME, use either a third party process viewer to view and terminate the malware process, or restart your system using Trend Micro's Emergency Rescue Disc (ERD). You may also skip this procedure (Terminating the Malware Program), and proceed to the next procedure.
2.Select one of the detected files, and then press either the End Task or the End Process button, depending on your Windows version. Note that on Windows NT/2000/XP, the list of running processes is located under the Processes tab.
3.Do the same for all detected malware files in the list of running processes.
4.To verify if the malware process has been terminated, press F5 to refresh Task Manager then review the process list.
5.Close the Task Manager.

Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup. In this procedure, you will need the name of the file detected earlier as BKDR_INFECTOR.C.
1.Open the Registry Editor. Click Start>Run, type REGEDIT then hit the Enter key.
2.In the left panel, double click the following:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
3.In the right panel, locate and delete the registry values (not the Run key itself) that reference the file or files that you detected earlier. Delete only values whose data points at a detected file; other values in this key start legitimate software.
4.Close the Registry Editor.

Removing Autostart Entries from System Files
Malware may modify system files so that it automatically executes at every Windows startup. These startup entries must be removed before the system can be restarted safely.
1.Open System Configuration Editor. Click Start>Run, type SYSEDIT then hit the Enter key.
2.Select the SYSTEM.INI window.
3.Under the [boot] section, locate and delete the string that follows "shell=explorer.exe", leaving only "shell=explorer.exe". The string should be the path and filename of the file or files detected earlier:
shell=explorer.exe %Windows%\%Trojan File%
4.In System Configuration Editor, select the WIN.INI window.
5.Under the [windows] section, locate and delete the strings after "run=" and "load=". The strings should be the path and filename of the file or files detected earlier:
load=%Windows%\%Trojan File%
run=%Windows%\%Trojan File%
6.Close the System Configuration Editor and click Yes when prompted to save.

Deleting the Malware file
Scan your system with Trend Micro Antivirus and delete all files detected as BKDR_INFECTOR.C. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other users may use HouseCall, Trend Micro's free online virus scanner.
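The four procedures above (terminate the process, clean the Run key, clean SYSTEM.INI and WIN.INI, verify) can be carried out as a single audit on Windows NT-family systems; Windows 9x/ME cannot run PowerShell and still need the manual steps. The script below is an added example, not a Trend Micro tool and not part of the original page. It takes the file name that the scanner reported as BKDR_INFECTOR.C (the name infector.exe in the usage note is a placeholder assumption), lists every matching process and autostart entry, and changes nothing unless -Remove is given. It goes slightly beyond the text by also checking the per-user HKCU Run key, which is an autostart location of the same kind.

```powershell
# Clean-InfectorAutostart.ps1 (added example, not Trend Micro's code).
# Usage (elevated prompt):  .\Clean-InfectorAutostart.ps1 -TrojanFile infector.exe        # report only
#                           .\Clean-InfectorAutostart.ps1 -TrojanFile infector.exe -Remove  # act
param(
    [Parameter(Mandatory = $true)] [string] $TrojanFile,   # file name reported by the AV scan (assumed)
    [switch] $Remove                                        # without this switch nothing is changed
)

$name    = [System.IO.Path]::GetFileNameWithoutExtension($TrojanFile)
$pattern = [regex]::Escape($TrojanFile)   # -match is case-insensitive by default

# --- 1. Terminate the running malware process ------------------------------
$procs = Get-Process | Where-Object {
    ($_.ProcessName -ieq $name) -or ($_.Path -and ($_.Path -match $pattern))
}
foreach ($p in $procs) {
    Write-Host "Running process: $($p.ProcessName) (PID $($p.Id)) path=$($p.Path)"
    if ($Remove) { Stop-Process -Id $p.Id -Force }
}
# Verify termination (step 4 of the procedure); a watchdog process may respawn it.
if ($Remove -and $procs) {
    Start-Sleep -Seconds 1
    if (Get-Process -Name $name -ErrorAction SilentlyContinue) {
        Write-Warning "$name is still running after Stop-Process; check for a second malware process."
    }
}

# --- 2. Registry Run values ------------------------------------------------
# The page names only HKLM; HKCU is the per-user equivalent and is checked too.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($metaProps -contains $prop.Name) { continue }      # provider metadata, not registry values
        if ("$($prop.Value)" -match $pattern) {
            Write-Host "Autostart value: $key\$($prop.Name) = $($prop.Value)"
            # Only the value referencing the Trojan is removed; the Run key itself stays.
            if ($Remove) { Remove-ItemProperty -Path $key -Name $prop.Name }
        }
    }
}

# --- 3. SYSTEM.INI shell= and WIN.INI load=/run= ---------------------------
$winDir = $env:windir
$iniChecks = @(
    @{ File = "$winDir\system.ini"; Section = '[boot]';    Keys = @('shell') },
    @{ File = "$winDir\win.ini";    Section = '[windows]'; Keys = @('load', 'run') }
)
foreach ($chk in $iniChecks) {
    if (-not (Test-Path $chk.File)) { continue }
    $lines     = @(Get-Content -Path $chk.File)   # @() keeps a one-line file as an array
    $changed   = $false
    $inSection = $false
    for ($i = 0; $i -lt $lines.Count; $i++) {
        $line = $lines[$i]
        if ($line -match '^\s*\[') { $inSection = ($line.Trim() -ieq $chk.Section); continue }
        if (-not $inSection) { continue }
        foreach ($k in $chk.Keys) {
            if (($line -match "^\s*$k\s*=(.*)$") -and ($Matches[1] -match $pattern)) {
                Write-Host "Autostart line in $($chk.File): $line"
                if ($Remove) {
                    # shell= must keep explorer.exe; load=/run= are simply emptied.
                    $lines[$i] = if ($k -eq 'shell') { 'shell=explorer.exe' } else { "$k=" }
                    $changed = $true
                }
            }
        }
    }
    if ($changed) { Set-Content -Path $chk.File -Value $lines }
}
```

Run it from an elevated (Administrator) PowerShell prompt, since the HKLM Run key and the files under %windir% are not writable otherwise. Run it once without -Remove and read the report before running it again with -Remove, then restart and re-scan with the antivirus as the final step of the procedure describes.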
