| Port No | 5882 |
| Service Name | Y3K RAT |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Y3K RAT 1.0 is a trojan with a SubSeven-like client. We could not get it to connect to the server, so all the features are listed from their readme file. It writes to the registry in Windows NT but crashes horribly. So, if you are running Windows NT just remove the registry key. |
| Reference Link | Y3K RAT |
| Attack | Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: Advapi32 Features: Bomb nums, caps and scroll locks Chat with server Click mouse button Enable/Disable Alt-Ctrl-Del File manager Get screen shot Get server info Hang up server ICQ Notify Key logger Lock/unlock at a position Open/Close Cd-Rom Over clock Send message Send to URL Show full window of text Shutdown power off, restart, or log off windows Swap mouse buttons View and change resolution View, clear, change clipboard View, close and hide active processes Fix: Remove the Explorer32 key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program. Reboot the computer or close RundII.exe. Delete the trojan file RundII.exe in the windows directory |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.