VID 24004
Severity 40
Port 31785
Protocol TCP
Class BackDoor
Detailed Description The Hack'a'Tack backdoor is installed. This backdoor allows an intruder to take control of the computer. Hack'a'Tack uses TCP port 31785 and UDP ports 31789 and 31791. Hack'a'Tack only runs on Windows 95 and 98.
With the Hack'a'Tack backdoor, an attacker can do the following:

- move and close windows on a user's desktop
- start an FTP server on a user's computer
- log a user's keystrokes, including passwords the user types
- shut down the computer
- execute programs

* References:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?id=advise30
http://www.iss.net/security_center/static/2325.php
Recommendation To remove the Hack'a'Tack backdoor from your computer:

1. Using Regedit, find the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key.
2. Find the registry entry named Explorer32. The entry's data value contains the path to the Hack'a'Tack program file, Expl32.exe. Remember the location of the file.
3. Restart your computer in MS-DOS mode.
4. Delete the Expl32.exe file from the path named in the registry value.
5. Restart Windows.
6. Using Regedit, delete the Expl32.exe entry from the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key.
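
The registry check in steps 1 and 2 can be run offline against a text export of the registry. The following is an added example, not part of the original advisory: it assumes the export is in the REGEDIT4 text format that Regedit writes on Windows 95/98, the function names are hypothetical, and the sample export (including the C:\WINDOWS path) is constructed.

```python
import re

# Run key named in the advisory, written as it appears in a Regedit export.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
# "name"="data" string value; backslash and quote are backslash-escaped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo REGEDIT4 escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def run_entries(reg_text):
    """Return {value name: data} for string values directly under the Run key."""
    entries, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Exact key match, so RunServices and RunOnce are not included.
            in_run = line[1:-1].lower() == RUN_KEY.lower()
        elif in_run:
            m = VALUE_RE.match(line)
            if m:
                entries[unescape(m.group(1))] = unescape(m.group(2))
    return entries

def exe_name(data):
    """File name of the program a Run value starts, lower-cased."""
    last = data.strip().strip('"').split("\\")[-1].split()
    return last[0].lower() if last else ""

def find_hackatack(reg_text):
    """Return (name, data) pairs matching the advisory's two indicators."""
    return [(name, data) for name, data in run_entries(reg_text).items()
            if name.lower() == "explorer32" or exe_name(data) == "expl32.exe"]

# Constructed sample export; the install path is an assumption.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Explorer32"="C:\\WINDOWS\\Expl32.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Other"="C:\\WINDOWS\\other.exe"
'''

if __name__ == "__main__":
    for name, data in find_hackatack(SAMPLE_EXPORT):
        print(f"Run entry {name!r} starts {data!r}: file to delete in step 4")
```

The data value it reports is the path to note in step 2 before restarting in MS-DOS mode.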
Related URL CVE-1999-0660 (CVE)