| Port No | 5000 |
| Service Name | Bubbel |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | We ourselves do not actually have bubbel. If you have it please email us. All of this info is from Shawn Kwek. |
| Reference Link | Bubbel Trojan |
| Attack | It autoloads the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ Key: Windows It does the following : Capture screen to file Display message box Display time since server computer restarted Display time since server computer restarted Download file from web site Execute program Execute DOS command Send keys to window Get system info Get system date Get system time Get clipboard contents List/Kill running processes Log off user from network Move mouse cursor Open/Close Cd-Rom Password protect server Print a file Reboot computer Record keystrokes Shutdown the computer Send file Swap mouse buttons View running windows View file Removal : 1.Remove the Windows key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runservices Which can be done with regedit or any other registry editing program. 2. Reboot the computer or close bubbel.exe. 3. Delete the trojan file bubbel.exe in the windows system directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.