Event ID - 999

Port No999
Service NameDeep Throat
RFC Doc0
ProtocolTCP
DescriptionThe current Deep Throat 3.0 is a buggy release which is good of course. Version 3.0 offers many more features and a better client for the hacker. While this version is buggy because of the great demand for it's release. It's keylogger uses port 999 TCP by default and it's FTP server uses 41 TCP. The port redirection a new feature to DeepThroat is defaulted for making the hacker's IRC IP number the one of the trojan's
Reference LinkDeep Throat Trojan
AttackIt autoloads the Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: Systemtray

It does the following :
Add program to load with windows through the registry
Capure screen
Cd Rom Open/Close
Change wall paper
Create directory
Delete file
Download file from the internet
Drive info
Freeze mouse
Get cached/Dial up passwords
Get window list
Hangup modem
Hide or show: Taskbar, Start Button, Systray, Clock or Desktop
Kill/Disable/Enable/Change title of window
Monitor on/off
Online ICQ alert
Play sound
Port redirection
Reboot
Run program invisible or visible
Send text to window
Send to url
Show picture
Swap mouse buttons System info

Removal :
1.Remove the Systemtray key located at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Which can be done with regedit or any registry editing program.
2. Reboot the computer
3. Delete the trojan files pddt.dat in the Windows System directory(Usually c:\windows\system), and the systray.exe located in the Window directory

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.