
::23 trojan::
This is a very dangerous trojan; at the time of testing it was not detected by any antivirus or anti-trojan software. The server has some unique features, such as guestbook CGI notification: the hacker can set up a web page with a CGI guestbook on his/her site, and every time the victim comes online an entry is made in that guestbook, alerting the hacker that the victim is online. Another boasted feature is the ability to hide from process managers and viewers; it is assumed that the trojan uses VxD drivers for this, similar to the ring0 method.

Removal: Open regedit (click Start, go to Run, type regedit, then hit OK) and follow this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage
Right-click the StillImage key and choose Delete.

Delete c:\WINDOWS\SYSTEM\VMM32\Ebios32.vxd (size: 6,000 bytes), then reboot.

Finally, delete c:\WINDOWS\Shedule.exe (size: 11,776 bytes).

::Mainline 1.0b::
This is a small trojan in its early beta stages. Mainline has limited functions, and would probably be used to upload and execute more malicious trojans.

Removal: Hit Ctrl-Alt-Del once, choose Project1, and then End Task. Finally, delete server.exe, 36.0 KB (36,864 bytes).

::Phantom FTP 2.0::
This is a Russian trojan, and its exact functions are unknown. Once executed, it opens an FTP-like server on TCP port 2177.

Removal: Open regedit (click Start, go to Run, type regedit, then hit OK). When regedit opens, follow this path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Double-click the "System" value and take note of its data. Once you have written the data down, right-click the "System" value and choose Delete.

Finally, delete the trojan file you noted down previously. The file name should be PFS.EXE, 670 KB (686,080 bytes).

::MSN Cookie 2.5::
Once executed, a message window pops up asking for your Hotmail login and password, with a vague reference to a cookie expiring.

Removal: Delete c:\msnwin.dll and msncookie25.exe, 56.0 KB (57,344 bytes).
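The file names and byte sizes listed in the removal notes above can be checked together, which matters for generic names such as server.exe. The following is an added example, not part of the original page: it scans a directory tree (for instance a mounted disk image) for those names and reports whether the size also matches. The names `INDICATORS`, `scan` and `demo` and the sample tree are constructed for illustration.

```python
import os
import tempfile

# (family, file name lower-cased, size in bytes) copied from the removal notes.
# Assumption: the single size in the MSN Cookie entry belongs to msncookie25.exe;
# msnwin.dll has no size on the page, so it can only ever match by name.
INDICATORS = [
    ("23 trojan", "ebios32.vxd", 6000),
    ("23 trojan", "shedule.exe", 11776),
    ("Mainline 1.0b", "server.exe", 36864),
    ("Phantom FTP 2.0", "pfs.exe", 686080),
    ("MSN Cookie 2.5", "msnwin.dll", None),
    ("MSN Cookie 2.5", "msncookie25.exe", 57344),
]

def scan(root):
    """Return sorted (family, relative path, verdict) for every indicator hit under root."""
    by_name = {}
    for family, name, size in INDICATORS:
        by_name.setdefault(name, []).append((family, size))
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            # Windows file names are case-insensitive, so compare lower-cased.
            for family, size in by_name.get(fname.lower(), []):
                full = os.path.join(dirpath, fname)
                exact = size is not None and os.path.getsize(full) == size
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hits.append((family, rel, "name+size" if exact else "name-only"))
    return sorted(hits)

def demo():
    """Scan a constructed tree: one file matching name and size, one benign name clash."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINDOWS"))
        os.makedirs(os.path.join(root, "apps"))
        samples = {"WINDOWS/SHEDULE.EXE": 11776,  # constructed: name and size match
                   "apps/server.exe": 100,        # constructed: same name, other size
                   "apps/readme.txt": 5}          # constructed: unrelated file
        for rel, size in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"\0" * size)
        return scan(root)

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A "name-only" verdict is a lead to review by hand rather than grounds for deletion, since an unrelated program can share the file name.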