Port No | 32418 |
Service Name | Acid Battery |
RFC Doc | 0 |
Protocol | TCP |
Description | Acid Battery 1.0 is a trojan from 1999. This trojan has a simple client and a normal range of features. However, when removing it, you should be careful because the server copies itself as ExpIorer.exe in the Windows directory, which can easily be confused with Explorer.exe. The correct Explorer.exe is usually larger than 150 kilobytes and has a different icon than the trojan. The “I” in the trojan server's “ExpIorer” is actually an uppercase i, while the corresponding letter in the real Explorer.exe is a lowercase L. |
Reference Link | Acid Battery Trojan |
Attack | It autoloads from the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Key: Explorer. It does the following: Beep manager; Control mouse; Disable/enable CTRL-ALT-DEL; Exit Windows; File manager; Flash colors; Freeze system; FTP server; Get cached passwords; Get screen shot; Hide/show mouse; Hide/show start button; Hide/show startpanel; Open/Close CD-ROM; Send message; Write in notepad; Write on desktop. Removal: 1. Remove the Explorer key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. That can be done with regedit or any other registry editing program. 2. Reboot the computer or close ExpIorer.exe (after the p is a capital i, not L). 3. Delete the trojan file ExpIorer.exe (after the p is a capital i, not L) in the Windows directory. |
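
The capital-i/lowercase-L check described above is easy to get wrong by eye, so it can be done mechanically. The following is an added example, not part of the original entry: the helper names, the `C:\WINDOWS` path and the sample Run values are constructed for illustration, and the check generalizes slightly to the digits 1 and 0 as well as the capital i.

```python
import ntpath
import re

# Glyphs that render alike in common fonts are folded to one form before comparing.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})
GENUINE = "Explorer.exe"

def skeleton(name: str) -> str:
    """Fold look-alike glyphs, then ignore case as Windows file names do."""
    return name.translate(CONFUSABLE).lower()

def is_lookalike(name: str, genuine: str = GENUINE) -> bool:
    """True when name is a different file that displays like the genuine one."""
    return name.lower() != genuine.lower() and skeleton(name) == skeleton(genuine)

def exe_from_command(command: str) -> str:
    """Extract the executable file name from a Run-key command line."""
    m = re.match(r'\s*"?([^"]+?\.exe)', command, re.IGNORECASE)
    return ntpath.basename(m.group(1)) if m else ""

def audit_run_values(run_values: dict) -> list:
    """Return (value name, executable) pairs whose target imitates Explorer.exe."""
    hits = []
    for value_name, command in run_values.items():
        exe = exe_from_command(command)
        if is_lookalike(exe):
            hits.append((value_name, exe))
    return hits

# Constructed sample of HKLM\...\CurrentVersion\Run values (not real captured data).
SAMPLE_RUN = {
    "Explorer": r"C:\WINDOWS\ExpIorer.exe",
    "SystemTray": "SysTray.Exe",
    "Shell": r'"C:\WINDOWS\Explorer.exe" /n',
}

if __name__ == "__main__":
    for value_name, exe in audit_run_values(SAMPLE_RUN):
        print(f"suspicious Run value {value_name!r} -> {exe}")
```

A hit is a reason to compare the file's size and icon against the genuine Explorer.exe, as the description suggests, before deleting anything.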