TCP_BackConstruction 2.1 Server FTP Open Reply

 

Code: p317

Severity: Warning

 

Description: Backdoor.Backconstruction is a Trojan Horse.

Impact: Possible theft of data via download, upload of files, execution of files and reboot the targeted machine.

Corrective: Edit the system registry to remove the extra keys or restore a previously known good copy of the registry. Affected registry keys are: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Registry keys added are: Shell = ":\WINDOWS\Cmctl32.exe" Removal of this entry is required. Delete the file :\WINDOWS\Cmctl32.exe Ending the Trojan process is also necessary. A reboot of the infected machine is recommended.