Event ID - 9400

Port No: 9400
Service Name: INCOMA
RFC Doc: 0
Protocol: TCP
Description: This is a remote administration tool created from the Bladerunner source (TROJ_NETBUS.BR.C and TROJ_NETBUS.BR.S). This program can be used by a remote user to manipulate an infected system. “Bogart” and “Stoner” have allegedly written this program.
Reference Link: INCOMA
Solution

Click START>RUN, type WIN.INI, then press the ENTER key.
Search for the entry run=OLEMON32.EXE. This entry loads the server portion of the Trojan whenever the PC is started. Replace this entry with: "run=".
Save the changes made to the win.ini file, then close the file.
Click START>SHUTDOWN>"Restart", then click OK.
Scan your system with Trend antivirus and delete all files detected as BKDR_INCOM.14 to avoid re-infection. To do this, Trend customers must download the latest pattern file and scan their system. Other email users may use Trend HouseCall, a free online virus scanner. The icon for the client part is a shield that has the letters INC (InCommand). For the server part, the default name of the file is server1.4.exe, which has the icon of a printer with a paper on top of it.
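
The win.ini check from the steps above can also be run against a copy of the file, for example one taken from a disk image. The script below is an added example, not part of the original page or of any Trend tool. It goes slightly beyond the manual steps: it also checks load=, the sibling startup key in the same [windows] section, and it keeps any other programs listed on the same line. The function names and the sample file are constructed for illustration.

```python
import re

SUSPECT = "olemon32.exe"        # file name from the removal steps above
STARTUP_KEYS = {"run", "load"}  # load= is checked too (assumption, see lead-in)

# Constructed sample, not taken from a real system.
SAMPLE = (
    "[windows]\r\n"
    "load=\r\n"
    "run=OLEMON32.EXE\r\n"
    "NullPort=None\r\n"
    "[Desktop]\r\n"
    "Wallpaper=(None)\r\n"
)

def _base_name(token):
    """Lower-cased file name of a token, without quotes or directory."""
    return re.split(r"[\\/]", token.strip('"'))[-1].lower()

def clean_win_ini(text, suspect=SUSPECT):
    """Return (cleaned_text, findings); findings holds (line_no, key, token)."""
    findings, out, section = [], [], ""
    for no, line in enumerate(text.splitlines(keepends=True), 1):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        head = re.match(r"\s*\[([^\]]+)\]", body)
        entry = re.match(r"(\s*)(\w+)\s*=(.*)$", body)
        if head:
            section = head.group(1).strip().lower()
        elif entry and section == "windows" and entry.group(2).lower() in STARTUP_KEYS:
            indent, key, value = entry.groups()
            # Programs are separated by spaces or commas; paths that
            # contain spaces are not handled by this simple split.
            tokens = [t for t in re.split(r"[ ,]+", value.strip()) if t]
            kept = [t for t in tokens if _base_name(t) != suspect]
            for t in tokens:
                if _base_name(t) == suspect:
                    findings.append((no, key.lower(), t))
            if len(kept) != len(tokens):
                body = f"{indent}{key}={' '.join(kept)}"
        out.append(body + eol)
    return "".join(out), findings

if __name__ == "__main__":
    cleaned, hits = clean_win_ini(SAMPLE)
    for line_no, key, token in hits:
        print(f"line {line_no}: removed {token} from {key}=")
    print(cleaned, end="")
```

A non-empty findings list means the startup entry was present; the antivirus scan in the last step is still needed to delete the files themselves.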
