Port No | 45632 |
Service Name | Little Witch |
RFC Doc | 0 |
Protocol | TCP |
Description | This backdoor malware is called Little Witch version 5.0. It gives a remote hacker access to an infected computer.
Once executed, the server program copies itself to a file with a variable filename in the %System% directory and then deletes its original file. It then modifies the SYSTEM.INI file in the %Windows% directory, adding the dropped file to the shell entry line in the Boot section as follows, so that the server program copy executes upon Windows startup: Shell = Explorer.exe |
Reference Link | Little Witch Trojan |
Attack | SOLUTION:
1. Scan your system with Trend AntiVirus and note the filenames of the files detected as BKDR_WITCH.50.A.
2. Click Start>Run, type REGEDIT, then hit the Enter key.
3. Double click the following: HKEY_CURRENT_USER>.DEFAULT>Software>Microsoft>Windows>CurrentVersion>Run
4. Look for the entry that points to the files detected as TROJ_WITCH.50.A (refer to your notes in step 1) and delete the entry.
5. Double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
6. Look for the entry that points to the files detected as BKDR_WITCH.50.A (refer to your notes in step 1) and delete the entry.
7. Double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
8. Look for the entry that points to the files detected as BKDR_WITCH.50.A (refer to your notes in step 1) and delete the entry.
9. Double click the following: HKEY_USERS>.DEFAULT>Software>Microsoft>Windows>CurrentVersion>Run
10. Look for the entry that points to the files detected as BKDR_WITCH.50.A (refer to your notes in step 1) and delete the entry.
11. Scan your system with Trend Micro antivirus and delete all files detected as BKDR_WITCH.50.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. |
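
A defensive check for the SYSTEM.INI change described in this entry, as an added example that is not part of the original record: it reads the [boot] section and reports anything on the shell line other than Explorer.exe. The sample file contents and the name example_dropped.exe are constructed, and treating a bare Explorer.exe as the only expected value is an assumption.

```python
import re

# Assumption: a clean [boot] shell= line names only a bare Explorer.exe.
EXPECTED_SHELL = "explorer.exe"

# Constructed sample inputs (not taken from a real host).
CLEAN_INI = "[boot]\nshell=Explorer.exe\nsystem.drv=system.drv\n"
MODIFIED_INI = (
    "; constructed sample\n"
    "[boot]\n"
    "Shell = Explorer.exe example_dropped.exe\n"
    "[386Enh]\n"
    "shell=ignored.exe\n"
)

def boot_shell_values(ini_text):
    """Return every value assigned to shell= inside the [boot] section."""
    values, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        # Section and key names are case-insensitive in SYSTEM.INI.
        if sep and section == "boot" and key.strip().lower() == "shell":
            values.append(value.strip())
    return values

def extra_shell_programs(ini_text):
    """List tokens on the [boot] shell= line that are not Explorer.exe."""
    extras = []
    for value in boot_shell_values(ini_text):
        for token in value.split():
            # Strict match: a path-qualified or renamed shell is reported too.
            if token.strip('"').lower() != EXPECTED_SHELL:
                extras.append(token)
    return extras

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_INI), ("modified", MODIFIED_INI)):
        print(label, extra_shell_programs(text))
```

Any token it reports is a filename to compare against the scanner detections noted in step 1 of the solution.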