Port No | 60551 |
Service Name | ROXRAT |
RFC Doc | 0 |
Protocol | TCP |
Description | This backdoor malware consists of a client component, a server component, and an edit server program. The server program installs on target systems and opens a port, where it waits for an outside connection from its client counterpart. The details of its behavior are set using the edit server program, which also generates it. Remote users running the client program can then access and manipulate the compromised machine. With this backdoor, users are allowed several malicious activities, including remotely browsing local drives, retrieving keystrokes, and deleting files from the compromised machine. |
Reference Link | ROXRAT |
Attack | Solutions: Check your computer for the following directories and delete them if found: C:\progra~1\chode, C:\progra~1\foreskin, C:\progra~1\dickhair. In your C:\Windows\StartMenu\Programs\StartUp folder, delete the following files: ASHIELD.PIF, NETSTAT.PIF, WINSOCK.VBS. Scan your system with Trend Micro antivirus and delete all files detected as BAT_FIRKIN.A, PIF_FIRKIN.A, VBS_FIRKIN.A and TROJ_FIRKIN.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. |