| VID |
24049 |
| Severity |
40 |
| Port |
6969 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
Backdoor Net Controller is detected.
Net Controller is an older trojan horse program created July 1999, which is written in Brazil. This backdoor consists of NetCtrlr.exe(Client program) and NetSrvr.exe(Server program). It uses 6969 TCP port as default port, which can be changed with the 'redirection port' menu.
The client is similar to NetBus. The server needs to be started from the C drive else the installation will fail. If this backdoor is running, you can find the registry key named "System" that has a data value of C\WINDOWS\System.exe in the registry located at 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'.
With the Net Controller backdoor, a remote attacker can do the following :
- Control mouse
- File manager
- FTP server
- Get cached passwords
- Screen capture
- Hang up internet connection
- Hide/show start button
- Open/close CD-Rom
- Play/Record sound
- Send message
- Send to URL
- Show image
- Swap mouse buttons
- Redirect door(port)
- Execute a program
- Key logging
* Platforms Affected:
Microsoft Windows Any version
* References:
http://www.dark-e.com/archive/trojans/netcontroller/108/index.shtml
http://www.glocksoft.com/trojan_list/Net_Controller.htm
http://www.megasecurity.org/trojans/n/netcontroller/ |
| Recommendation |
Remove it from your computer :
1. Remove the System key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run by using regedit or any other registry editing program.
2. Reboot the computer or close system.exe
3. Delete the trojan file system.exe in the windows system directory.
-- OR --
Remove it from your computer by using a vaccine program(anti-virus program). |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
