Port No | 34324 |
Service Name | Bigluck |
RFC Doc | 0 |
Protocol | TCP |
Description | Bigluck 1.0 is a telnet server trojan (telnet is used to connect). We are not sure about all of the commands, but we do believe it does get cached passwords. |
Reference Link | Bigluck Trojan |
Attack | It autoloads from the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: Windll.exe. It does the following: gets cached passwords. Removal: 1. Remove the Windll.exe key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program. 2. Reboot the computer or close Windll.exe. 3. Delete the trojan file Windll.exe in the Windows directory. |