WinShell Trojan Detection

Critical Nessus Plugin ID 106629

Synopsis

The remote host has been compromised.

Description

This host seems to be running WinShell. WinShell is a Trojan Horse which allows an intruder to take the control of the remote computer.

An attacker may use it to steal your passwords, modify your data, and prevent you from working properly.

Solution

Reinstall your system and restore your system from known clean backups.

Plugin Details

Severity: Critical

ID: 106629

File Name: winshell.nasl

Version: Revision: 1.2

Type: remote

Family: Backdoors

Published: 2018/02/06

Modified: 2018/02/07

Dependencies: 22964

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H