Event ID - 37

Port No: 37
Service Name: BD Lithium 1.0
RFC Doc: 0
Protocol: TCP
Description: This signature detects Backdoor Lithium 1.0 activity.
Reference Link: Port Number: 37 Service Name: BD Lithium 1.0 Port: TCP
Attack: According to Symantec

Resolution:
It is strongly recommended that an AntiVirus scan be conducted and all files associated with this backdoor be deleted prior to manually removing the backdoor from the registry.
To delete the value from the registry:
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
a. Click Start, and then click Run. (The Run dialog box appears.)
b. Type regedit, then click OK. (The Registry Editor opens.)
c. Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
d. In the right pane, delete any of the following values:
"Registry Services" = "C:\WINDOWS\SYSTEM\Registry32.exe"
"Shell32" = "Iexplorer.exe"
"Windows Root Account" = "Root32.exe"
e. Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
f. In the right pane, delete any of the following values:
"Windows Root Account" = "Root32.exe"
"Shell32" = "Shell32.com"
g. Exit the Registry Editor.
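
The same check as steps c through f, scripted for an elevated PowerShell prompt. This is an added example, not part of the original advisory: the -Remove switch, the backup file names and the report format are assumptions, while the key paths and value names are the ones listed above.

```powershell
# Added example: audit (and optionally clean) the two autorun keys named in the steps above.
param([switch]$Remove)   # hypothetical switch: without it the script only reports

$base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
# Value name / data pairs exactly as listed in steps d and f.
$indicators = @(
    @{ Key = 'Run';         Name = 'Registry Services';    Data = 'C:\WINDOWS\SYSTEM\Registry32.exe' }
    @{ Key = 'Run';         Name = 'Shell32';              Data = 'Iexplorer.exe' }
    @{ Key = 'Run';         Name = 'Windows Root Account'; Data = 'Root32.exe' }
    @{ Key = 'RunServices'; Name = 'Windows Root Account'; Data = 'Root32.exe' }
    @{ Key = 'RunServices'; Name = 'Shell32';              Data = 'Shell32.com' }
)

$found = foreach ($i in $indicators) {
    $path = Join-Path $base $i.Key
    if (-not (Test-Path $path)) { continue }        # RunServices may not exist at all
    $data = (Get-Item -Path $path).GetValue($i.Name, $null)
    if ($null -eq $data) { continue }               # value name not present
    [pscustomobject]@{
        Path       = $path
        Name       = $i.Name
        Data       = [string]$data
        # A listed name with different data is reported but never deleted automatically.
        ExactMatch = (([string]$data).Trim('"') -ieq $i.Data)
    }
}

if (-not $found) { Write-Output 'No listed values found in Run or RunServices.'; return }
$found | Format-Table -AutoSize -Wrap

if ($Remove) {
    # Back up each affected key first, as the warning above requires (file names are assumed).
    foreach ($p in ($found.Path | Sort-Object -Unique)) {
        $regPath = $p -replace '^HKLM:', 'HKLM'
        $backup  = Join-Path $env:TEMP ("autorun-backup-{0}.reg" -f (Split-Path $p -Leaf))
        & reg.exe export $regPath $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; nothing was deleted." }
    }
    foreach ($f in ($found | Where-Object ExactMatch)) {
        Remove-ItemProperty -Path $f.Path -Name $f.Name
        Write-Output ("Deleted '{0}' from {1}" -f $f.Name, $f.Path)
    }
}
```

Rows reported with ExactMatch set to False share a listed name but carry different data, so review them by hand in the Registry Editor.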
