Port No | 555 |
Service Name | phAse zero |
RFC Doc | 0 |
Protocol | TCP |
Description | phAse zero 1.0 is an older trojan but has a lot of features. The server does not actually appear to infect if someone just sends you the server. phAse zero comes with a setup program which needs to be run on the host computer to actually infect it. This setup program needs access to the computer because it asks step-by-step questions |
Reference Link | phAse zero |
Attack | Autoloads via the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: MsgServ
Features: Change directory, Copy file, Create directory, Delete file, Execute file, FTP upload/download, Hex type file, List directory, Lockup server, Move file, Reg check key, Reg check value, Reg create key, Reg delete key, Reg delete value, Reg list keys, Reg list values, Reg read key value, Reg set current key, Reg write key value, Remove directory, Rename file, Show current directory, Show dialog box, Terminate session, Trash server, Type file, Unload server
Fix: Remove the MsgServ key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program. Reboot the computer or close msgsvr32.exe. Delete the trojan file msgsvr32.exe in the Windows directory. |
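
The checks and cleanup described in the Fix text, scripted as an added example (not part of the original entry). The function name `Get-PhaseZeroIndicator` is hypothetical; the script assumes an elevated PowerShell 5.1+ session on Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` is available.

```powershell
# Added example: looks for the three indicators this entry lists for phAse zero.
# The entry calls MsgServ a "key"; Run entries are stored as values, so it is
# read here as a value name under the Run key.
function Get-PhaseZeroIndicator {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Remove)

    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $name   = 'MsgServ'
    $file   = Join-Path $env:windir 'msgsvr32.exe'

    # 1. Autoload entry under the Run key
    $runValue = (Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue).$name
    # 2. Server binary in the Windows directory (hash kept for triage)
    $fileHash = if (Test-Path -LiteralPath $file) {
        (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    }
    # 3. Whatever is listening on TCP 555, and the process that owns it
    $listener = Get-NetTCPConnection -State Listen -LocalPort 555 -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $owner = if ($listener) { Get-Process -Id $listener.OwningProcess -ErrorAction SilentlyContinue }

    if ($Remove) {
        # Same order as the Fix text: registry entry, running process, then the file.
        if ($null -ne $runValue -and $PSCmdlet.ShouldProcess("$runKey\$name", 'Remove autoload entry')) {
            Remove-ItemProperty -Path $runKey -Name $name
        }
        Get-Process -Name 'msgsvr32' -ErrorAction SilentlyContinue | ForEach-Object {
            if ($PSCmdlet.ShouldProcess("PID $($_.Id)", 'Stop msgsvr32.exe')) {
                Stop-Process -Id $_.Id -Force
            }
        }
        if ($fileHash -and $PSCmdlet.ShouldProcess($file, 'Delete file')) {
            Remove-Item -LiteralPath $file -Force
        }
    }

    # Reports what was found before any removal took place.
    [pscustomobject]@{
        RunValue     = $runValue
        FilePath     = if ($fileHash) { $file }
        FileSha256   = $fileHash
        Port555Owner = if ($owner) { "$($owner.ProcessName) (PID $($owner.Id))" }
    }
}

Get-PhaseZeroIndicator                     # report only
# Get-PhaseZeroIndicator -Remove -WhatIf   # preview the cleanup without changing anything
```

A listener on TCP 555 owned by a process other than msgsvr32.exe is not evidence of this trojan on its own; read the three fields together.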