Port No | 2000 |
Service Name | Last |
RFC Doc | 0 |
Protocol | TCP |
Description | Last 2000 is a Chinese trojan. Because it is Chinese, we know very little about it. The name may not actually be Last 2000, but we believe it is. We know it has many more features, but we could not translate them. We do know the default password for this trojan is 1234. The trojan stores the password, port and file at: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avi\. |
Reference Link | Last Trojan |
Attack | It autoloads via: Registry and system.ini. It does the following: change resolution; download file; file search; Registry manager; run file; upload file; window manager. Removal: 1. Open system.ini (usually c:\windows\system.ini) and change the entry shell=Explorer.exe Runvxd32.exe under [boot] to shell=Explorer.exe. This can be done with any text editing program. Change the default value at HKEY_LOCAL_MACHINE\SOFTWARE\txtfile\shell\open\command to "C:\WINDOWS\NOTEPAD.EXE %1". 2. Reboot the computer or close whichever file is running: H_SERVER.exe or Runvxd32.exe. 3. Delete the trojan files H_SERVER.exe and Runvxd32.exe in the Windows system directory. |
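
The system.ini part of removal step 1 can be checked and applied with a script. The following is an added example, not part of the original entry: SAMPLE_INI is a constructed file, the function names are hypothetical, and the code assumes program paths on the shell= line contain no spaces. It does not touch the Registry value from step 1.

```python
import ntpath

# Constructed sample of a system.ini in the state the entry describes.
SAMPLE_INI = """[boot]
shell=Explorer.exe Runvxd32.exe
system.drv=system.drv

[386Enh]
device=*vshare
device=*vcd
"""

# File names taken from the entry above.
SERVER_FILES = {"h_server.exe", "runvxd32.exe"}

def _lines_with_section(ini_text):
    """Yield (section, raw_line); hand-parsed because system.ini repeats keys."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        yield section, raw

def _is_boot_shell(section, raw):
    key, sep, _ = raw.partition("=")
    return section == "boot" and sep == "=" and key.strip().lower() == "shell"

def audit_shell(ini_text):
    """Return (extras, known): programs on [boot] shell= other than
    Explorer.exe, and the subset whose file name is in SERVER_FILES."""
    extras = []
    for section, raw in _lines_with_section(ini_text):
        if _is_boot_shell(section, raw):
            programs = raw.partition("=")[2].split()
            extras += [p for p in programs
                       if ntpath.basename(p).lower() != "explorer.exe"]
    known = [p for p in extras if ntpath.basename(p).lower() in SERVER_FILES]
    return extras, known

def repair(ini_text):
    """Return the text with [boot] shell= reset to shell=Explorer.exe."""
    return "".join(
        ("shell=Explorer.exe" if _is_boot_shell(s, r) else r) + "\n"
        for s, r in _lines_with_section(ini_text))

if __name__ == "__main__":
    print(audit_shell(SAMPLE_INI), repair(SAMPLE_INI), sep="\n")
```

Any program on the shell= line other than Explorer.exe is reported, so the check also surfaces a server file that has been renamed from the two names listed in this entry.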