Port No | 1999 |
Service Name | BackDoor |
RFC Doc | 0 |
Protocol | TCP |
Description | BackDoor 2.03 is a Visual Basic trojan. The trojan comes with two files, icqnuke.exe and readme.exe. When icqnuke.exe is run, it moves readme.exe to notpa.exe in the Windows directory. |
Reference Link | BackDoor Trojan |
Attack | It autoloads from the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Key: Notepa. It does the following: chat with server; disable alt-ctrl-del and ctrl-esc; file manager; get computer name/netname/username; hide task bar; lock mouse; open/close CD-ROM; pop up error message; view running tasks; window controls (show, rename, hide, etc.). Removal: 1. Delete the registry key named notpa located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\. This can be done using regedit or another registry editing program. 2. Reboot the computer or close the trojan. 3. Delete the trojan file notpa in the Windows directory. |