TCP_Y3KRAT 1.5 Connection confirmation
Code: p351

Severity: Warning
Description: This event is generated when a Y3KRAT 1.5 server attempts to confirm the client's response.

Impact: If connected, the attacker could execute a multitude of functions resulting in a complete compromise of the victim's machine.

Corrective: Remove the Dcomcnofg value from each of the following registry Run keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_USERS\Default\Software\Microsoft\Windows\CurrentVersion\Run
Reboot the computer or close Dcomcnofg.exe. Delete Dcomcnofg.exe from the Windows system directory. If found, delete server.exe and kill the process called server.exe.
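The corrective steps above as an audit script, added here as an example and not part of the original signature entry. It reports every artifact it finds and only removes them when run with -Remove (honouring -WhatIf); the value name Dcomcnofg and the file names come from the entry, while the assumption that server.exe lives in the system directory and the use of the standard key name HKEY_USERS\.DEFAULT for the entry's "HKEY_USERS\Default" are mine.

```powershell
# Added example: audit (and optionally clean up) the Y3KRAT 1.5 persistence
# described in the Corrective field. Run without -Remove to report only.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)

$valueName = 'Dcomcnofg'                      # autostart value name from the entry
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    # Assumption: the entry's "HKEY_USERS\Default" is the .DEFAULT hive
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'
)
$fileNames = @('Dcomcnofg.exe', 'server.exe')  # server.exe location is assumed

# 1. Autostart values under the three Run keys
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -ne $props -and $props.PSObject.Properties.Name -contains $valueName) {
        Write-Warning "Autostart value '$valueName' in $key -> $($props.$valueName)"
        if ($Remove -and $PSCmdlet.ShouldProcess($key, "Remove value $valueName")) {
            Remove-ItemProperty -Path $key -Name $valueName
        }
    }
}

# 2. Running processes named after the dropped binaries
foreach ($name in $fileNames) {
    $base = [IO.Path]::GetFileNameWithoutExtension($name)
    Get-Process -Name $base -ErrorAction SilentlyContinue | ForEach-Object {
        Write-Warning "Running process $($_.ProcessName) (PID $($_.Id)) path=$($_.Path)"
        if ($Remove -and $PSCmdlet.ShouldProcess("PID $($_.Id)", 'Stop process')) {
            Stop-Process -Id $_.Id -Force
        }
    }
}

# 3. Dropped binaries in the Windows system directory (hash logged for the record)
$sysDir = [Environment]::GetFolderPath('System')
foreach ($name in $fileNames) {
    $path = Join-Path $sysDir $name
    if (Test-Path $path) {
        Write-Warning "File $path SHA256=$((Get-FileHash -Path $path).Hash)"
        if ($Remove -and $PSCmdlet.ShouldProcess($path, 'Delete file')) {
            Remove-Item -Path $path -Force
        }
    }
}
```

Because server.exe is a generic name, review the reported path and hash before re-running with -Remove.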