TCP_Netsphere.1.31.337

 

Code: p23

Severity: Warning

 

Description: This event indicates that the well-known Netsphere Trojan horse is running on the host. Netsphere is a Trojan horse that gives the attacker access to the victim's filesystem and instant messaging clients, and some control over peripherals. The event is generated when a Netsphere server responds to an attacker's client.

Impact: Compromise of data integrity on the victim host as well as the possibility of rendering the machine temporarily unusable.

Corrective: Edit the system registry to remove the extra keys, or restore a previously known good copy of the registry. Affected registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\. Registry entry added: NSSX. Removal of this entry is required. Delete the file NetSphereServer.exe. Ending the Trojan process is also necessary. A reboot of the infected machine is recommended.
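
The corrective steps above as a PowerShell check, added here as an example and not part of the original signature entry. It assumes the running process carries the same name as NetSphereServer.exe and that the data of the NSSX value is the command line used to start it; the `-Remediate` switch and variable names are illustrative.

```powershell
# Added example. Run in the affected user's session: the Run key is under HKCU.
# Without -Remediate the script only reports what it finds.
param([switch]$Remediate)

$runKey    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'NSSX'
$fileName  = 'NetSphereServer.exe'
$procName  = 'NetSphereServer'   # assumption: process name = file name without .exe
$exePath   = $null

# 1. Autostart entry named in the signature description
$entry = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($entry) {
    $command = $entry.$valueName
    "FOUND  Run value '$valueName' = $command"
    # Assumption: the value data starts with the executable path, quoted or bare
    if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(\S+)') {
        $exePath = $Matches[1]
    }
} else {
    "clean  no '$valueName' value under $runKey"
}

# 2. Running Trojan process
$procs = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)
foreach ($p in $procs) { "FOUND  process $($p.Name) (PID $($p.Id)) $($p.Path)" }
if ($procs.Count -eq 0) { "clean  no '$procName' process running" }

# 3. Files to delete: only existing paths whose leaf name is NetSphereServer.exe
$candidates = @($exePath) + @($procs | ForEach-Object { $_.Path })
$files = @($candidates | Where-Object {
        $_ -and (Test-Path -LiteralPath $_) -and
        ((Split-Path -Path $_ -Leaf) -ieq $fileName)
    } | Select-Object -Unique)
foreach ($f in $files) { "FOUND  file $f" }

# 4. Remediation: end the process first so the file is not locked
if ($Remediate) {
    foreach ($p in $procs) { Stop-Process -Id $p.Id -Force }
    if ($entry) { Remove-ItemProperty -Path $runKey -Name $valueName }
    foreach ($f in $files) { Remove-Item -LiteralPath $f -Force }
    'Remediation steps applied. Reboot the machine as recommended.'
}
```

If the entry is present but no file is listed, the value data points somewhere the script could not resolve, and NetSphereServer.exe has to be located manually.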