| VID |
24003 |
| Severity |
40 |
| Port |
30100 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
The NetSphere backdoor is installed. This backdoor allows anyone to partially take the control of the system. NetSphere works on Windows 95, 98, and Windows NT. NetSphere uses TCP ports 30100 and 30102.
With the NetSphere backdoor, an attacker can do the following:
- log user's keystrokes
- set up a port redirector to redirect traffic through user computer
- capture an image of user screen
- operate Mirabilis ICQ, if installed on user computer
* References:
http://www.iss.net/security_center/static/2321.php |
| Recommendation |
To remove the NetSphere backdoor from the computer:
Telnet to this computer on port 30100 and type : '<KillServer>', without the quotes, and press Enter.
-- OR --
You can also remove it manually by these steps:
1. Using Regedit, find the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key.
2. Find the registry entry named NSSX that has a data value of C:\Windows\System\nssx.exe.
3. Delete that registry entry.
4. Restart your computer.
5. Find and delete nssx.exe from your Windows system directory. |
| Related URL |
CVE-1999-0660 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
