Event ID - 5472

Port No: 5472
Service Name: WinCrash
RFC Doc: 0
Protocol: TCP
Description: WinCrash 1.03 is an old trojan. WinCrash comes with a simple client and basic features.
Reference Link: WinCrash
Attack: Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: Explorer32

Features:
Change date
Change or remove desktop wallpaper
Chat
Clipboard lock on/off
Close all programs
Control mouse
Disable/enable start button
Exit or shutdown windows
Flash caps, locks and scrolls lock
Flip screen
Flood printer
File manager
Freeze mouse
Get passwords
Get system information
Hide/show start button
Hide/show task bar
Lock up system
Monitor on/off
Open/Close CD-Rom
Play wav file
Screen saver bomb on/off
Start screen saver
System keys on/off
View active process

Fix:
Locate and write down the trojan path in the MsManager key in the registry, located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Then delete the MsManager key, which can be done with regedit or any other registry editing program.
Reboot the computer or close the trojan listed in the registry.
Delete the trojan file that was listed in the registry.
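
A read-only check for the first Fix step, added here as an example and not part of the original entry: it reports the Run-key entries named on this page (Explorer32, MsManager) with their paths, and any process listening on TCP 5472. The function names and output layout are assumptions made for illustration.

```powershell
# Added example: read-only triage for the indicators named on this page.
# Value names and port come from the page; function names are illustrative.
$RunKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$ValueNames = 'Explorer32', 'MsManager'   # autoload names listed above
$Port       = 5472                        # WinCrash TCP port listed above

function Get-RunKeyHit {
    param([string]$Key, [string[]]$Names)
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $props) { return }
    foreach ($name in $Names) {
        # Run entries are registry values; the data is the path to write down.
        if ($props.PSObject.Properties.Name -contains $name) {
            [pscustomobject]@{ Indicator = 'RunKeyValue'; Name = $name; Detail = [string]$props.$name }
        }
    }
}

function Get-PortListenerHit {
    param([int]$LocalPort)
    # Get-NetTCPConnection requires Windows 8 / Server 2012 or later.
    $conns = Get-NetTCPConnection -LocalPort $LocalPort -State Listen -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        $proc   = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $detail = if ($proc) { "PID $($proc.Id) $($proc.Path)" } else { "PID $($c.OwningProcess)" }
        [pscustomobject]@{ Indicator = 'TcpListener'; Name = "$($c.LocalAddress):$($c.LocalPort)"; Detail = $detail }
    }
}

# A listener on 5472 alone is not proof; it marks a process worth inspecting.
$hits = @(Get-RunKeyHit -Key $RunKey -Names $ValueNames) +
        @(Get-PortListenerHit -LocalPort $Port)
if ($hits.Count -eq 0) { 'No WinCrash indicators from this page were found.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

The script changes nothing on the system; record the reported path before deleting the registry entry and the file as described in the Fix steps.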
