TCP_HackAttack.1.20

Code: p17

Severity: Warning

Description: hack-a-tack is a Trojan Horse.

Impact: Possible theft of data via download, upload of files, execution of files and reboot the targeted machine.

Corrective: Edit the system registry to remove the extra keys or restore a previously known good copy of the registry. Affected registry keys are: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Registry keys added are: Explorer32 =":\windows\Expl32.exe" Configuration Wizard = ":\windows=cfgwiz32.exe" Removal of this entry is required. Delete the file(s) :\WINDOWS\Expl32.exe and :\windows=cfgwiz32.exe Ending the Trojan process is also necessary. A reboot of the infected machine is recommended.