Event ID - 5880

Port No5880
Service NameY3K RAT
RFC Doc0
ProtocolTCP
DescriptionWorks on Windows 95, 98, ME, NT and 2000, together with ICQ, MSN and AOL´s AIM. Have great problems with registrating on Windows NT.
Reference LinkY3K RAT Trojan
AttackIt autoloads the Registry:
HLM\Software\Microsoft\Windows\CurrentVersion\Run\
HLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ HU\.Default\Software\Microsoft\Windows\CurrentVersion\Run

It does the following :
Remote Access
ICQ trojan
IP sniffer
AIM trojan
MSN trojan
Includes an ICQ IP sniffer and may send a notification to the hacker´s UIN. The server may be configuered in many ways using combinations of some 40 features. It can stop local use of the trojan, so nobody will be able use the client on the same machine as the server. As it is possible to alter the various registrations in the Registry, manual removal instruction may not be totally reliable.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.