| VID |
24011 |
| Severity |
40 |
| Port |
17300 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
Kuang2 Virus was found. Kuang2 Virus is a backdoor program designed to run on Windows 95 and 98 machines that infects files much like a virus. Once the virus has been executed on a machine, it allows remote control of the system over TCP port 17300 and systematically infects all PE (Portable Executable) .exe files on the system.
The client program allows files to be browsed, uploaded, downloaded, hidden, etc on the infected machine. The client program also can execute programs on the remote machine and install plugins that expand on the backdoor's basic functions.
* References:
http://www.iss.net/security_center/static/4074.php
http://vil.mcafee.com/dispVirus.asp?virus_k=10213&
http://www.multimania.com/ilikeit/kuang2v.htm |
| Recommendation |
The client program includes an anti-virus function to clean an infected machine. To clean the local machine, leave the IP address field in the program blank. The anti-virus cleaning process copies the infected version of EXPLORER.EXE to EXPLORER.WK2, and removes the virus. The program places the cleaned version of the file back to EXPLORER.EXE, when you shut down and restart your computer. The anti-virus process also scans the hard drive, looking for any other infected files. The readme file included in the distribution of the backdoor recommends running the anti-virus scan twice to ensure that the backdoor is removed. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
