Event ID - 31792

Port No31792
Service NameBackdoor.HackTack
RFC Doc0
ProtocolTCP
DescriptionThis application, once executed modifies the registry and drops a file, Expl32.exe, which is the server portion of a tool named “Hack'a'Tack.” A certain Da SuckA & The Bart33 created the application.
Reference LinkBackdoor.HackTack
AttackSolution:

Please use caution while removing this backdoor malware. If the procedure as described below is not followed correctly, unexpected results may occur.
Click START>RUN, type REGEDIT then hit the ENTER key
In the left panel, click the "+" to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run
In the right panel, search for the registry key with the name "Explorer32" and the data value "c:\Windows\Expl32.exe". This is the registry key that allows your computer to load the server portion of the backdoor malware whenever you reboot.
In the right window, highlight the registry key that loads the file and press the DELETE key. Click on “YES” to delete the entry.
Exit the registry.
Click START>SHUTDOWN>"Restart in MS-DOS mode" then click OK.
After the computer has restarted, the default directory should be c:\WINDOWS. If not, type "CD C:\WINDOWS" and delete the Expl32.exe file.
Press CTRL+ALT+DEL and allow Windows to restart.
Scan your system with Trend Micro antivirus and delete all files detected as BKDR_HACKTACK.C. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.