| Port No | 33333 |
| Service Name | Backdoor.Prosiak |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This server component of a backdoor program compromises network security. It allows a remote hacker access and control over its infected computer. It opens default port numbers 12345 and 44444 and then waits for connections from the client program. Thereafter, it displays a message as follows and then displays a hoax message: This will install Winamp 2000. Do you wish to continue? |
| Reference Link | Backdoor.Prosiak |
| Attack | Solution: Close the server editor program. Delete the server editor program file. Click Start>Run, type regedit then hit the Enter key. In the left panel, double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft >Windows>CurrentVersion>RConfig In the right panel, look for and then delete this registry entry: "Microsoft DLL Loader" In the left panel, double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft >Windows>CurrentVersion>RunServices In the right panel, look for and then delete this registry entry: ā€¯Microsoft DLL Loader" Close the Registry. Restart your system. Click Start>Find/Search>Files or folders. Look for and then delete the MSJET32.EXE file from the System directory usually located at C:\Windows\System. Scan your system with Trend Micro antivirus and delete all files detected as BKDR_POSIAK.61.C. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.