
Backlash (Mini)
Removal: Open up regedit (click Start, go to Run, type regedit, then hit OK).
Now follow this path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\General\Settings
Look for the values "db", "ol" and "pass"; right click on each and choose delete.

Using regedit still, follow this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Right click on the "D3dloader" value, and choose delete.

Reboot, then delete:

c:\WINDOWS\D3dloader.exe Size: 245,760 bytes
c:\WINDOWS\SYSTEM\pddt.dat Size: 189 bytes

Konik 0.7b
Once executed, the server will delete all entries and keys in the victim's win.ini file. These will be replaced with the trojan's own entry.

Removal: This is difficult and may not work because of the damage made to the win.ini file.
Replace your win.ini file with a clean copy, preferably from a friend who runs a similar type of system to yours. If you cannot get a clean copy, you may need to reinstall Windows after you have removed the registry entries for the trojan.

Open up regedit (hit Start, Run, type regedit, then hit OK). When regedit has opened, follow this path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Right click on the "CheckOCX" value, and choose delete.
Keeping regedit open, follow this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Right click on the "CheckOCX" value, and choose delete.

Reboot then delete c:\windows\system\modsys.exe
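
To confirm that the registry steps for Backlash (Mini) and Konik 0.7b took effect, the following added example (not part of the original page) scans a regedit export for the key paths and value names listed above. The function names and the sample export, including its data strings, are constructed for illustration.

```python
import re

# Key paths and value names come from the removal steps on this page.
SETTINGS = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\General\Settings"
CV = r"\SOFTWARE\Microsoft\Windows\CurrentVersion"
INDICATORS = [(SETTINGS, n, "Backlash (Mini)") for n in ("db", "ol", "pass")] + [
    ("HKEY_LOCAL_MACHINE" + CV + r"\Run", "D3dloader", "Backlash (Mini)"),
    ("HKEY_CURRENT_USER" + CV + r"\Run", "CheckOCX", "Konik 0.7b"),
    ("HKEY_LOCAL_MACHINE" + CV + r"\RunServices", "CheckOCX", "Konik 0.7b"),
]

VALUE_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg_export(text):
    """Return {key path: {value name: raw data}}, lower-casing names because
    registry key and value names are case-insensitive."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].rstrip("\\").lower(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def find_leftovers(text):
    """List (trojan, key, value name, raw data) for every listed value still present."""
    keys = parse_reg_export(text)
    return [(trojan, path, name, keys[path.lower()][name.lower()])
            for path, name, trojan in INDICATORS
            if name.lower() in keys.get(path.lower(), {})]

# Constructed sample export; the data strings are illustrative only.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"D3dloader"="C:\\WINDOWS\\D3dloader.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"CheckOCX"="C:\\WINDOWS\\SYSTEM\\modsys.exe"
'''

if __name__ == "__main__":
    for trojan, key, name, data in find_leftovers(SAMPLE_EXPORT):
        print(f"{trojan}: {key} -> {name} = {data}")
```

An empty result after the reboot means none of the listed values remain; the files named in each section still have to be deleted separately.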

Clandestine 1.0
This is a simple trojan that did not work. It was tested 5 times and each time it would crash. According to the readme file that came with the trojan, its functions are as follows: "It captures the Screen in 2 sizes jpg format, displays remote user info, System directory path"

Removal: Delete servU.exe, size 48.0 KB (49,152 bytes).