MALWARE-BACKDOOR minicommand runtime detection - initial connection server-to-client
This event is generated when activity relating to the "minicommand" Trojan Horse program is detected.
Possible theft of data and control of the targeted machine leading to a compromise of all resources the machine is connected to.
Trojan horse programs can be used by an attacker to steal data from the infected machine, they can also be used to control the infected host. This event indicates that activity relating to the trojan horse program minicommand has been detected in network traffic.
- Microsoft Windows systems
Ease of attack
This is Trojan activity, the target machine may already be compromised.
Updated virus definition files are essential in detecting this Trojan.
Edit the system registry to remove the extra keys or restore a previously known good copy of the registry.
Many trojans may hide the process from viewing in the Windows task manager.
A reboot of the infected machine after cleaning is recommended.
- Cisco Talos
- Nigel Houghton