Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Trojan/Backdoor - EvilFTP Detection

High

Synopsis

The remote host has a backdoor installed

Description

The remote host is running EvilFTP. EvilFTP is a backdoor that sets up an FTP server on your machine.

Solution

To remove this backdoor on Windows 95 and 98, delete the line "Run=C:\Windows\System\msrun.exe" from C:\Windows\Win.ini and delete the C:\Windows\System\msrun.exe file. To remove EvilFTP from a WindowsNT system, you will have to open RegEdit to the key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows, and look for a value named "Run". If the data value is "C:\Winnt\System32\msrun.exe", delete the value, then delete the C:\Winnt\System32\msrun.exe file. Manually inspect and repair this system.