Event ID - 17569

Port No: 17569
Service Name: The Infector
RFC Doc: 0
Protocol: TCP
Description: The Infector 1.7 bonus, like previous versions, has a large server because it is released uncompressed. This allows the server to be compressed by a "hacker" and not be detected by trojan scanners. The Infector 1.7 bonus creates a file setup.int. Setup.int is a plaintext file (you can view it in Notepad) which logs all of the keys you have typed. Note that this version was released to prevent detection by trojan scanners. This is the second time the author has recompiled this trojan.
Reference Link: The Infector
Attack: It autoloads through System.ini: shell=Explorer.exe MSNAPPLICATION.exe under [boot]

Features:

Application manager
Chat with server
Enable/disable Ctrl-Alt-Del
File manager
Get screen shot
Hide/show icons
ICQ notify
Key logger
Open URL
Open/close CD-Rom
Play movie file
Play sound
Remove server
Run file
Send keys
Show/hide desktop icons
Shutdown, reboot, log off, or power off Windows
Upload file
View/close running applications

Fix:
Change shell=Explorer.exe MSNAPPLICATION.exe to shell=Explorer.exe in system.ini under [boot]. This can be done with any text editing program.
Reboot the computer or close MSNAPPLICATION.exe.
Delete the trojan files d3x.drv, MSNAPPLICATION.exe and setup.int in the Windows directory.
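
A read-only check for the indicators named in the Fix steps, as an added example that is not part of the original entry: it parses system.ini for extra programs on the shell= line under [boot] and looks for the three listed files in a given Windows directory. The function names and the sample directory built in demo() are constructed for illustration.

```python
import ntpath
import os
import tempfile

# File names taken from the entry above; the directory to scan is a parameter.
TROJAN_FILES = ("d3x.drv", "MSNAPPLICATION.exe", "setup.int")

def boot_shell_extras(system_ini_text):
    """Return programs listed besides Explorer.exe on shell= under [boot]."""
    section = None
    for raw in system_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "boot" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "shell":
                # Entries are split on whitespace; paths containing spaces
                # are not handled (assumption for this example).
                return [p for p in value.split()
                        if ntpath.basename(p).lower() != "explorer.exe"]
    return []

def check_windows_dir(windir):
    """Report extra shell= entries and which listed files exist in windir."""
    by_lower = {name.lower(): name for name in os.listdir(windir)}
    extras = []
    ini = by_lower.get("system.ini")
    if ini:
        with open(os.path.join(windir, ini), encoding="latin-1") as fh:
            extras = boot_shell_extras(fh.read())
    files = [f for f in TROJAN_FILES if f.lower() in by_lower]
    return {"shell_extras": extras, "files_present": files}

def demo():
    """Build a constructed Windows directory and run the check on it."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "SYSTEM.INI"), "w") as fh:
            fh.write("[boot]\nshell=Explorer.exe MSNAPPLICATION.exe\n[386Enh]\n")
        for name in ("msnapplication.exe", "setup.int"):
            open(os.path.join(d, name), "w").close()
        return check_windows_dir(d)

if __name__ == "__main__":
    print(demo())
```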
