| VID |
24012 |
| Severity |
40 |
| Port |
23456 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
The EvilFTP backdoor is installed. The EvilFTP is a backdoor that just sets up an FTP server on the machine. The server listens on port 23456, with a username of 'yo' and a password of
'connect'. With the EvilFTP backdoor, an attacker can upload and download files from the system on which it was installed. EvilFTP will run on Windows 95, 98, and Windows NT systems.
* References:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?id=advise30
http://www.iss.net/security_center/static/2310.php |
| Recommendation |
To remove EvilFTP from your computer:
For Windows 95 and Windows 98:
1. In win.ini, delete the line run=c:\windows\system\msrun.exe.
2. Remove Msrun.exe from the Windows system directory.
For Windows NT:
1. Using Regedit, find and delete the HKCU\Software\Microsoft\Windows NT\Windows\run=msrun.exe registry key.
2. Remove Msrun.exe from the Windows system directory. |
| Related URL |
CVE-1999-0660 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
