Port No | 3024 |
Service Name | Wincrash |
RFC Doc | 0 |
Protocol | TCP |
Description | When installed on a Microsoft Windows system, this backdoor Trojan horse program lets others gain full access to the system through a network connection. Backdoor.Wincrash is divided into two parts: a client and a server. Both applications can run under Windows 95, 98, and NT 4.0. The client application running on one computer might be used to monitor and control a second computer running the server application. The port number through which the client controls the server is configurable. However, as long as the port is blocked by a firewall, this Trojan horse cannot infiltrate the server. It does not matter whether the TCP or UDP protocol is implemented. There have not been any reports of this program breaking through a firewall. |
Reference Link | More Information |
Attack | Name: Wincrash. Backdoor.Wincrash is a Trojan horse program that is divided into two parts: a client and a server. The client connects to the server over the Internet or a LAN using TCP/IP. The server might be configured with several different options. The networking protocol could be TCP or UDP. Any port number between 1 and 65535 could be selected for communication. To connect to the server (server.exe), it must be running on the computer to which you want to connect. The IP (Internet Protocol) address of the target computer is also needed. The server masked itself as install.exe when sent to a target. Once the file is executed, it self-installs and is initialized every time Windows starts up. The server does not appear in the task list (Ctrl+Alt+Del). How To Remove: 1. End running tasks: backdoor-m.svr.exe; client.exe; w32win,1.exe; wincrash.exe; wincrash-e.exe; wpc - wincrash password cracker.exe. 2. Remove files: _setup.1; _setup.lib; backdoor-m.svr.exe; client.exe; setup.pkg; w32win,1.exe; wincrash.exe; wincrash.rtf; wincrash.tb; wincrash_english.rtf; wincrash2.hlp; wincrash-e.exe; wpc - wincrash password cracker.exe. |