TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

C:\Windows\System.ini and remove the entry for wincmp32.exe in the shell key under the [boot] section, restart your
computer, and then delete the C:\Windows\wincmp32.exe file.
Signature ID: 3355
Backdoor Backage
Threat Level: Critical
Signature Description: Backdoor Backage is a Trojan written in Visual Basic 6 affecting Microsoft Windows operating
systems. The backdoor uses a client/server relationship, where the server component is installed on the victim's system
and the remote attacker has control of the client. By default, the server attempts to run on TCP port 334 to allow the
client system to connect. Backage has multiple variants, including Backage 3.0, Backage 3.0.1, Backage 3.1 New
Backdoor Age, Backage 3.2 SE, and Backage Server 3.1a. Backage could allow a remote attacker to gain unauthorized
access to the system. Once installed on a system, this Trojan permits unauthorized users to remotely run applications on
the victim's system. This attack could pose a serious security threat. Administrators should take immediate action to stop
any damage or prevent further damage from happening.
Signature ID: 3356
Backdoor BackConstruction
Threat Level: Severe
Signature Description: Backdoor BackConstruction, also known as Back Construction, Nightmare.B and
Backdoor.Nightmare.B, is a Trojan that opens up a backdoor program that, once installed on a system, permits
unauthorized users to remotely edit files. BackConstruction operates over ports 5401 and 5402. With the
BackConstruction backdoor, an attacker can create, retrieve, and manipulate files using a built-in FTP server. This
attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further
damage from happening. To remove BackConstruction from your computer, go to the registry file directory, find and
delete the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Shell registry key, and delete
cmctl32.exe from the Windows directory.
Signature ID: 3357
Backdoor F-BackDoor
Threat Level: Severe
Signature Description: F-Backdoor is a backdoor Trojan that infects vulnerable Microsoft Windows operating systems.
It was originally written and distributed by the HACKERS POLSKA SQUAD "F". Many variants of F-Backdoor exist.
Once the F-Backdoor server is launched, it monitors TCP port 666 for an incoming connection. Registry auto-run keys
are added so that the Trojan server part is executed whenever Windows starts. Through the F-Backdoor client, an
attacker could perform malicious actions, and F-Backdoor could allow a remote attacker to gain unauthorized access
and complete control of the system.
Signature ID: 3358
Backdoor Balsitix
Threat Level: Severe
Signature Description: Backdoor Balsitix is a Trojan that opens up a backdoor program that, once installed on a
system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. Balsitix operates over port
1183 via UDP.
Signature ID: 3359
Backdoor Basic Hell
Threat Level: Severe
Signature Description: Backdoor Basic Hell also known as BackDoor-AMO.gen, Backdoor.BasicHell.10,