Event ID - 6666

Port No: 6666
Service Name: DarkConnectionInside
RFC Doc: 0
Protocol: TCP
Description: This alert indicates that a remote user is trying to connect to a system in your network using the Dark Connection Inside Trojan Horse program. Trojan Horse programs enable remote users to gain access to data or system functions on systems where a Trojan Horse has been installed. A Trojan does not copy itself and spread further through file sharing or auto-emailing like a worm; rather, it is typically installed from an executable, such as an email attachment. Once installed, it allows a remote client to open a connection to the affected system. With this open connection, the remote client has access to certain functions on the affected host.
Attack Name: Dark Connection Inside

Manual removal:
1. Remove the MSGSRV16.EXE and Services386Shell keys in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and the DirectX 3D Services key in the registry located at HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run. This can be done with regedit or any other registry editing program.
2. Reboot the computer or close msgsrv16.exe or DirectX3D.exe.
3. Delete the trojan files msgsrv16.exe and DirectX3D.exe in the Windows system directory.
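
Before and after the manual removal, a read-only audit can confirm which of the artifacts named in the steps above are present. This is an added example, not part of the original entry; the function name is hypothetical, and it assumes the "keys" are values under the two Run keys and that the "Windows system directory" is either System or System32 under %windir%.

```powershell
# Read-only audit for the Dark Connection Inside artifacts listed in the removal steps.
# Value names, file names and the port number come from this entry; nothing is deleted.
function Get-DarkConnectionArtifact {
    $runValues = @(
        @{ Path  = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'
           Names = 'MSGSRV16.EXE', 'Services386Shell' },
        @{ Path  = 'Registry::HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run'
           Names = 'DirectX 3D Services' }
    )
    foreach ($entry in $runValues) {
        $key = Get-Item -LiteralPath $entry.Path -ErrorAction SilentlyContinue
        if (-not $key) { continue }                 # Run key missing: nothing to report
        foreach ($name in $entry.Names) {
            $data = $key.GetValue($name)            # $null when the value is absent
            if ($null -ne $data) {
                [pscustomobject]@{ Type = 'RunValue'; Location = "$($entry.Path)\$name"; Detail = $data }
            }
        }
    }

    # Assumption: check both System and System32, since the entry does not say which.
    foreach ($dir in 'System', 'System32') {
        foreach ($file in 'msgsrv16.exe', 'DirectX3D.exe') {
            $path = Join-Path (Join-Path $env:windir $dir) $file
            if (Test-Path -LiteralPath $path) {
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                [pscustomobject]@{ Type = 'File'; Location = $path; Detail = "SHA256 $hash" }
            }
        }
    }

    # A socket on TCP 6666 alone is not proof: other software also uses this port.
    Get-NetTCPConnection -LocalPort 6666 -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Type     = 'TcpPort6666'
            Location = "$($_.LocalAddress):$($_.LocalPort) [$($_.State)]"
            Detail   = $proc.ProcessName
        }
    }
}

Get-DarkConnectionArtifact | Format-Table -AutoSize -Wrap
```

An empty result after step 3 means none of the listed registry values, files or port 6666 sockets remain on the host.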
