| VID | 24037 |
| Severity | 40 |
| Port | 15000 |
| Protocol | TCP |
| Class | BackDoor |
| Detailed Description |
The NetDemon backdoor was detected.

NetDemon is a trojan horse program created in July 2000 and written in Visual Studio 6.0. The backdoor consists of NetDemon.exe (agent program), Server.exe (server program), and EditServer.exe (the server's configuration program). It uses TCP port 15000 by default; the port can be changed with EditServer.exe. If this backdoor is running, the registry contains a key named "WinMap" with a data value of C:\WINDOWS\SYSTEM\winmap.exe, located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

With the NetDemon backdoor, a remote attacker can do the following:
- Open/close the CD-ROM
- Send messages
- Shut down the computer
- Hide the Start button
- Hide the taskbar
- Hide desktop icons
- Open a browser
- Remove the server
- Manage files

* Platforms Affected: Microsoft Windows, any version
* References:
  http://www.iss.net/security_center/reference/vuln/backdoor-netdemon.htm
  http://www.iss.net/security_center/static/6150.php
| Recommendation |
To remove it from your computer:
1. Delete the registry key named 'WinMap' located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ by using regedit or another registry editing program.
2. Reboot the computer or terminate the winmap.exe process.
3. Delete the trojan file winmap.exe in the Windows directory.

-- OR --

Remove it from your computer by using an antivirus (vaccine) program.