| VID |
24035 |
| Severity |
40 |
| Port |
20001 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
Backdoor millenium is detected.
Millenium is a simple trojan horse program created Nov 1998, which is written in Visual Basic.
This backdoor consists of server.exe and client.exe. It uses 20001 TCP port as default port, which can't be changed. If this backdoor is running, you can find the registry key named "Millenium" that has a data value of C:\windows\system\reg66.exe, in the registry located at 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'
With the Millenium backdoor, a remote attacker can do the following:
- Chat with server
- Config server
- Control NetBus
- Disable/Enable Alt-Ctrl-Del
- File manager
- Hang up connection
- Open/Close CD-ROM
- Capture an screen image
- Send keys
- Send message
- Shutdown, restart, logoff, restart in Ms-Dos
* Platforms Affected:
Microsoft Windows Any version
* References:
http://www.iss.net/security_center/reference/vulntemp/backdoor-millenium.htm
http://www.iss.net/security_center/static/3111.php |
| Recommendation |
Remove it from your computer.
1. Remove the Millenium key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run by using 'regedit' or any other registry editing program.
2. Remove the run=c:\windows\system\reg66.exe under [windows] in the win.ini. with any text editing program.
3. Reboot the computer or close reg66.exe.
4. Delete the trojan file reg66.exe in the windows system directory.
-- OR --
Remove it from your computer by using a vaccine program. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
