WinShell Trojan Detection

critical Nessus Plugin ID 106629

Synopsis

The remote host has been compromised.

Description

This host seems to be running WinShell. WinShell is a Trojan horse that allows an intruder to take control of the remote computer.

An attacker may use it to steal your passwords, modify your data, and prevent you from working properly.

Solution

Remove any instances of the WinShell Trojan and conduct a forensic examination to determine how it was installed and whether other unauthorized changes were made. Reinstall the system and restore it from known clean backups.

Plugin Details

Severity: Critical

ID: 106629

File Name: winshell.nasl

Version: 1.3

Type: remote

Family: Backdoors

Published: 2/6/2018

Updated: 4/27/2020

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H