| VID |
24030 |
| Severity |
40 |
| Port |
999 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
WinSATAN is installed. This backdoor allows anyone to
partially take the control of the remote system.
A cracker may use it to steal your password or prevent your from working properlly.
* References:
http://cgi.nessus.org/plugins/dump.php3?id=10316
http://www.iss.net/security_center/reference/vuln/SatansBackdoor.htm |
| Recommendation |
Use RegEdit, and find "RegisterServiceBackUp" in HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run.
The value"s data is the path of the file. If you are infected by WinSATAN, then the registry value is named "fs-backup.exe". |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
