Event ID - 22222

Port No22222
Service NameBackdoor.Prosiak
RFC Doc0
ProtocolTCP
DescriptionThis server component of a backdoor program compromises network security. It allows a remote hacker access and control over its infected computer. It opens default port numbers 12345 and 44444 and then waits for connections from the client program. Thereafter, it displays a message as follows and then displays a hoax message:

This will install Winamp 2000. Do you wish to continue?
Reference LinkBackdoor.Prosiak
AttackSolution:

Close the server editor program.
Delete the server editor program file.
Click Start>Run, type regedit then hit the Enter key.
In the left panel, double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft
>Windows>CurrentVersion>RConfig
In the right panel, look for and then delete this registry entry:
"Microsoft DLL Loader"
In the left panel, double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft
>Windows>CurrentVersion>RunServices
In the right panel, look for and then delete this registry entry:
ā€¯Microsoft DLL Loader"
Close the Registry.
Restart your system.
Click Start>Find/Search>Files or folders. Look for and then delete the MSJET32.EXE file from the System directory usually located at C:\Windows\System.
Scan your system with Trend Micro antivirus and delete all files detected as BKDR_POSIAK.61.C. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.