TCP_Girl
Code: p18
Severity: Warning
Description: This event shows that a well-known Trojan horse is running on the host. It is not a scan, but a successful connection.
Impact: Possible theft of data and control of the targeted machine, leading to a compromise of all resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords and disable the machine.
Corrective: Edit the system registry to remove the extra keys or restore a previously known good copy of the registry.
Affected registry keys are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Registry keys added:
Windll.exe
Removal of the file Windll.exe is required. Also end the process Windll.exe.
A machine reboot may be required to clear the running process from memory.
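
The corrective steps above as a PowerShell triage script. This is an added example, not part of the original signature entry; it assumes the Run value's name or data contains the string Windll.exe, and the `$Remediate` switch variable is introduced here for illustration.

```powershell
# Added example: triage and optional cleanup for the indicators in this entry.
# Assumption: the Run value's name or data contains "Windll.exe".
$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$Indicator = 'Windll.exe'
$Remediate = $false   # set to $true only after reviewing the report

# 1. Run-key values whose name or data references the indicator.
$key  = Get-Item -LiteralPath $RunKey -ErrorAction Stop
$hits = foreach ($name in $key.GetValueNames()) {
    $data = [string]$key.GetValue($name)
    if ($name -like "*$Indicator*" -or $data -like "*$Indicator*") {
        [pscustomobject]@{ ValueName = $name; Data = $data }
    }
}

# 2. Running processes with that image name, with their on-disk path.
$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$Indicator'" |
    Select-Object ProcessId, ExecutablePath, CommandLine)

# 3. Hash each binary before touching it so the sample can be identified later.
$files = $procs.ExecutablePath | Where-Object { $_ } | Sort-Object -Unique |
    ForEach-Object { Get-FileHash -LiteralPath $_ -Algorithm SHA256 }

$hits  | Format-Table -AutoSize
$procs | Format-List
$files | Format-List

if ($Remediate) {
    # Stop the process first so the file is not locked when it is deleted.
    foreach ($p in $procs) { Stop-Process -Id $p.ProcessId -Force }
    foreach ($h in $hits)  { Remove-ItemProperty -LiteralPath $RunKey -Name $h.ValueName }
    foreach ($f in $files) { Remove-Item -LiteralPath $f.Path -Force }
}
```

Run it from an elevated prompt; with `$Remediate` left at `$false` it only reports.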