Port No | 5888 |
Service Name | Y3K RAT ver 1.1 |
RFC Doc | 0 |
Protocol | TCP |
Description | Y3K RAT 1.1 adds a few more features to the previous version. Two of these features are destructive. One writes to the system.ini, which then displays an error upon booting. The other feature is supposed to overclock the processor and possibly "blow it up". However, we doubt the computer will "blow up". It writes to the registry in Windows NT but still crashes horribly. So, if you are running Windows NT, again just remove the registry key. |
Reference Link | Y3K RAT |
Attack | Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\, Key: Explorer32. Features: Bomb nums, caps and scroll locks; Chat with server; Click mouse button; Enable/Disable Alt-Ctrl-Del; File manager; Get screen shot; Get server info; Hang up server; ICQ Notify; Key logger; Lock/unlock at a position; Open/Close Cd-Rom; Over clock; Send message; Send to URL; Show full window of text; Shutdown power off, restart, or log off windows; Swap mouse buttons; View and change resolution; View, clear, change clipboard; View, close and hide active processes; View desktop, scanner and web cam; Write error to system.ini not allowing windows restart (Probably can be fixed by booting into dos). Fix: Remove the Explorer32 key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program. Reboot the computer or close RundII.exe. Delete the trojan file RundII.exe in the Windows directory. |