TCP_Asylum 0.1 connection established


Code: p340

Severity: Warning


Description: This event is generated when a victim host attempts to send a connection confirmation to an attacker using the Asylum 0.1 trojan.

Impact: If successful, the attacker would gain unauthorized access to your system, enabling him to upload and execute files on your computer and reboot it at will, resulting in a full compromise of the victim's computer.

Corrective:

1. Delete the System Administration key (if found) in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run or HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
2. Open system.ini and (if found) replace shell=Explore.exe win32cmp.exe with shell=explore.exe.
3. Open win.ini and (if found) delete load=c:\windows\wincmp32.exe or run=c:\windows\wincmp32.exe.
4. Find and delete the Asylum 0.1 trojan server file, usually called wincmp32.exe.
5. Keep your anti-virus programs updated with the latest definitions.
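The system.ini and win.ini checks from the corrective text can be scripted against copies of those files. The following is an added example, not part of the original signature description; the function names and the sample file contents are constructed for illustration, and it assumes the standard [boot] and [windows] section names and startup paths without spaces.

```python
import ntpath

# File names as written in the corrective text (both spellings appear there).
SUSPECT_NAMES = {"wincmp32.exe", "win32cmp.exe"}

def parse_ini(text):
    """Yield (section, key, value) tuples; section and key are lowercased."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()

def is_suspect(program):
    """True if the program's file name matches one named in the corrective text."""
    return ntpath.basename(program).lower() in SUSPECT_NAMES

def find_autostart_entries(system_ini, win_ini):
    """Return (file, key, value) for each startup line the corrective text targets."""
    findings = []
    for section, key, value in parse_ini(system_ini):
        if section == "boot" and key == "shell":
            programs = value.split()  # assumes no spaces inside paths
            # A clean shell= line names one program; extras also start at boot.
            if len(programs) > 1 or any(is_suspect(p) for p in programs):
                findings.append(("system.ini", key, value))
    for section, key, value in parse_ini(win_ini):
        if section == "windows" and key in ("load", "run"):
            programs = value.replace(",", " ").split()
            if any(is_suspect(p) for p in programs):
                findings.append(("win.ini", key, value))
    return findings

# Constructed sample file contents, built from the lines quoted in the text.
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explore.exe win32cmp.exe\n"
SAMPLE_WIN_INI = "[windows]\nload=c:\\windows\\wincmp32.exe\nrun=\n"

if __name__ == "__main__":
    for finding in find_autostart_entries(SAMPLE_SYSTEM_INI, SAMPLE_WIN_INI):
        print(finding)
```

The registry Run and RunServices locations are not covered by this script and still need to be checked as described in the corrective text.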