|
|||
Release Date:03/19/2012
Attack Name:PCShare runtime detection
Severity:
BUG ID:
CVE ID:
Description:
|
Trojan horse programs can be used by an attacker to steal data from the infected machine, they can also be used to control the infected host. This event indicates that activity relating to the trojan horse program PCShare has been detected in network traffic.
In particular this event indicates that the software detected is a Remote Access Trojan. RAT programs allow full control of the target system using a client on the attackers machine that connects to the server on the client host.
Impact:
Possible theft of data and control of the targeted machine leading to a compromise of all resources the machine is connected to.
Affected Systems:
Microsoft Windows systems
Solution:
|
Updated virus definition files are essential in detecting this Trojan.
Edit the system registry to remove the extra keys or restore a previously known good copy of the registry.
Many trojans may hide the process from viewing in the Windows task manager.
A reboot of the infected machine after cleaning is recommended.