Event ID - 3700

Port No: 3700
Service Name: TROJ_POD.S
RFC Doc: 0
Protocol: TCP
Description: Upon execution, this server side backdoor hacking tool makes itself active in memory, bypasses network security and gives system administrator privileges to remote users running the client program.
Reference Link: TROJ_POD.S
Attack Details:

To remove this backdoor program from memory, press the CTRL-ALT-DEL buttons simultaneously.
In the Task Manager, select ole16 and click END TASK.
Click END TASK again in the window that appears.
Scan the system with Trend Micro antivirus and delete all files detected as BKDR_POD.S. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.

Solutions:

This backdoor program runs only when the following files are present on the target system:
COMDLG32.OCX and CSWSK32.OCX.

Upon execution, this backdoor program creates the BKDR_POD.C file in the system memory of the target system's Hard Disk Drive, C:\. This file gives system administrator privileges to the users on the client side. The server-side hacking tool then waits for commands coming from the client side.
