Event ID - 54320

Port No54320
Service NameBack Orifice
RFC Doc0
ProtocolTCP
DescriptionBack Orifice 2000 is now able to infect Windows NT systems. This trojan was released as open source but nothing much has ever come of this.
Reference LinkBack Orifice Trojan
AttackIt autoloads the Registry:
HKEY_LOCAL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ Key: UMG32.EXE

It does the following :
Add/List shares on Microsoft networks
Capture AVI
Capture screen
Capture still picture
Chat
Choose between XOR and 3DES encryption
Compress files
DNS stuff
Email using servers computer
Get passwords
Get system info
Http file server
List capture devices
List connections
List/Start/Kill process
Load/Debug/List/Remove plugins
Lock up machine
Log keystrokes
Map network
Ping
Play WAV can also loop it
Plugin support
Port redirection
Query
Reboot Machine
Receive file
Registry editor
Send file
Send message box
Shutdown/Reboot/Logoff/Poweroff
Shutdown/Restart server
Start/List/Stop butt plugs
Start/List/Stop command socket
Start menu on/off
View/Kill apps

Removal :
1.Remove the UMG32.EXE key located in the registry at: HKEY_LOCAL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\. Which can be done with regedit or any other registry editing program.
2. Reboot the computer or close the trojan file.
3. Delete the trojan file UMG32.EXE in the windows system directory.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.