| VID |
24038 |
| Severity |
40 |
| Port |
16969 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
Backdoor Priority is detected.
Priority is a simple trojan horse program created Feb. 1999, written in Visual Basic 5.
This backdoor consists of PRIORITY.exe(Agent program), PSERVER.exe(Server program). It uses 16969 TCP port as default port, which can't be changed. It can be made to drop the PingPong virus. If this backdoor is running, you can find the registry key named "PServer" that has a data value of C:\Windows\System\PServer.exe in the registry located at 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'.
With the Priority backdoor, a remote attacker can do the following :
- Beep
- BlackOut
- Server/Client chat
- Close server
- Get number of connected clients
- Hide task bar
- ICQ PassJack
- Lock mouse
- Minimize applications
- Open web page
- Open/Close CD-ROM
- Enable/Disable Ping pong
- Run application
- Send message
- Show image
- Shutdown
- Swap mouse buttons
- Task manager
- Win PassJack
* Platforms Affected:
Microsoft Windows Any version
* References:
http://www.iss.net/security_center/static/3585.php
http://www.dark-e.com/archive/trojans/priority/beta/index.shtml |
| Recommendation |
Remove it from your computer :
1. Remove the PServer key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices by using regedit or any other registry editing program.
2. Reboot the computer or close PServer.exe.
3. Delete the trojan file PServer.exe in the windows system directory.
-- OR --
Remove it from your computer by using a vaccine program. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
