Event ID - 31320

Port No31320
Service NameLittle Witch
RFC Doc0
ProtocolTCP
DescriptionThis backdoor malware is called Little Witch version 5.0. It allows a remote hacker access to an infected computer
Reference LinkLittle Witch
AttackSolution

Scan your system with Trend AntiVirus and note the filenames of the files detected as BKDR_WITCH.50.A.
Click Start>Run, type REGEDIT then hit the Enter key.
Double click the following:
HKEY_CURRENT_USER>.DEFAULT>Software>Microsoft
>Windows>CurrentVersion>Run
Look for the entry that points to the files detected as TROJ_WITCH.50.A (refer to your notes in step 1) and delete the entry.
Double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft
>Windows>CurrentVersion>Run
Look for the entry that points to the files detected as BKDR_WITCH.50.A (refer to your notes in step 1) and delete the entry.
Double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft
>Windows>CurrentVersion>RunServices
Look for the entry that points to the files detected as BKDR_WITCH.50.A (refer to your notes in step 1) and delete the entry.
Double click the following:
HKEY_USERS>.DEFAULT>Software>Microsoft>Windows>CurrentVersion>Run
Look for the entry that points to the files detected as BKDR_WITCH.50.A (refer to your notes in step 1) and delete the entry

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.