Trojan/Backdoor - Portal of Doom Detection (deprecated)

High Nessus Network Monitor Plugin ID 1913


The remote host has a backdoor installed.


Portal of Doom is installed. This backdoor allows anyone to partially take the control of the remote system. An attacker may use it to steal your password or prevent your system from working properly.


Open the registry to HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices and look for the value named 'String' with the data 'c:\windows\system\ljsgz.exe'. Boot into DOS mode and delete the c:\windows\system\ljsgz.exe file, then boot into Windows and delete the 'String' value from the registry. If you are running Windows NT and are infected, you can kill the process with Task Manager, and then remove the 'String' registry value. Manually inspect and repair this system.

Plugin Details

Severity: High

ID: 1913

File Name: 1913.prm

Family: Backdoors

Published: 2004/08/20

Modified: 2016/01/15

Nessus ID: 10186

Risk Information

Risk Factor: High