TCP_RUX the Tick upload/execute arbitrary file attempt
Code: p344
Severity: Warning
Description: This event is generated when an attacker attempts to remotely upload and
execute a file with the RUX the Tick trojan.
Impact:
If successful, the attacker would gain unauthorized access to an
affected system, enabling him to upload and execute files on the machine.
The attacker can use this function to upload additional backdoors to the
victim's system and execute them.
Corrective: Using Windows Task Manager, kill these processes: ruxserver.exe and server.exe.
Use Windows Explorer to find ruxserver.exe and delete the file.
This program may hide itself in the process list and can use different
names and can exist in many locations on an infected machine.
Keep anti-virus programs updated with the latest definitions.