Event ID - 30100

Port No30100
Service NameNetSphere
RFC Doc0
ProtocolTCP
DescriptionThis server side backdoor Trojan enables a remote user access to its infected computer. It does not have a destructive payload.
Reference LinkNetSphere Trojan
AttackSOLUTION :
1.Manually delete the dropped file, EPP32.EXE, from the Windows System folder.
2.Click Start>Run, type Regedit then hit the Enter key.
3.DoubleClick the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows >CurrentVersion>Run 4.Delete the following in the right panel:
“ExecPowerProfile” “C:\Windows\System\epp32.exe”
5.Close the Registry.
6.Scan your system with Trend Micro antivirus and delete all files detected as TROJ_NETSPHERE.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.