Sid 1-6035

Message

MALWARE-BACKDOOR minicommand runtime detection - initial connection server-to-client

Summary

This event is generated when activity relating to the "minicommand" Trojan Horse program is detected.

Impact

Possible theft of data and control of the targeted machine, leading to compromise of all resources the machine is connected to.

Detailed information

Trojan horse programs can be used by an attacker to steal data from the infected machine; they can also be used to control the infected host. This event indicates that activity relating to the trojan horse program minicommand has been detected in network traffic.

Affected systems

  • Microsoft Windows systems

Ease of attack

This is Trojan activity; the target machine may already be compromised.

False positives

None Known

False negatives

None Known

Corrective action

Updated virus definition files are essential in detecting this Trojan.

Edit the system registry to remove the extra keys or restore a previously known good copy of the registry.

Many Trojans may hide their process from view in the Windows Task Manager.

A reboot of the infected machine after cleaning is recommended.

Contributors

  • Cisco Talos
  • Nigel Houghton

Additional References

  • www3.ca.com/securityadvisor/pest/pest.aspx?id=453075932