|
Attack ftp
This trojan opens a ftp server on an infected machine , its basically a serv-u ftp server that has been modified to install without the victims knowledge . The ftp server opens on port 666 and lets anyone have full root access .
Removal : open the file C:\windows\win.ini
A line at the top will read load=wscan.exe
Delete the text after the equal sign so it only reads load=
Save and close the win.ini file.
Next click Start, and go to Run. In the box, type regedit and click OK.
When regedit starts, you will see a file-like tree on the left hand panel. Open the folders to follow the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Click on 'Run' and the righthand panel will change. Look for an item titled:
Reminder="wscan.exe /s" and delete it (Right click and choose delete)
Close regedit and reboot your computer to remove the trojan from memory.
Now you can use explorer to go to C:\windows\system\ and delete the file wscan.exe.
|
|
