| Port No | 5742 |
| Service Name | WIncrash |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc. |
| Reference Link | More Information |
| Attack | Name:Wincrash When installed on a Microsoft Windows system, this backdoor Trojan horse program lets others gain full access to the system through a network connection. Backdoor.Wincrash is divided into 2 parts: a client and a server. Both applications are capable of running under Windows 95, 98, and NT 4.0. The client application running on one computer might be used to monitor and control a second computer running the server application. The port number through which the client controls the server is configurable. However, as long as the port is blocked by a firewall, this Trojan horse cannot infiltrate the server. It does not matter whether the TCP or UDP protocol is implemented. There have not been any reports of this program breaking through a firewall. How To Remove: 1. Kill the following processes backdoor-m.svr.exe, client.exe, w32win,1.exe, wincrash.exe, wincrash-e.exe, wpc - wincrash password cracker.exe 2. Remove the following files backdoor-m.svr.exe, client.exe, setup.pkg, w32win,1.exe, wincrash-e.exe, wincrash.exe, wincrash.rtf, wincrash.tb, wincrash2.hlp, wincrash_english.rtf, wpc - wincrash password cracker.exe, _setup.1, _setup.lib. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.