
Bigluck
Another damn telnet trojan ……
Bigluck, like Acid Shiver, uses telnet as the client. This means that any operating system can connect to the infected computer and hack it. This trojan is basically a password-stealing trojan and can be used to steal most passwords cached on the victim's computer.

The server part of this trojan is a file called bg10.exe. When executed, it infects the victim, opening up port 34324.

The server installs itself to the following registry line:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

This trojan is fairly basic; it doesn't have many features that I can work out. It would probably be used as a file server to upload a more dangerous type of trojan onto the infected computer.

Removal:
Open regedit and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Look for:
System = "C:\WINDOWS\System\mprdll.exe"
Delete this line, then find:
Systemdoor = "C:\WINDOWS\System\rundll argp1"
Right-click on 'Systemdoor' and choose Delete.

Restart your computer at this stage, then find the following files and delete them:
C:\WINDOWS\System\mprdll.exe
Also find and delete the file
C:\WINDOWS\System\rundll.exe

Just don't delete rundll.exe in C:\WINDOWS\, as this is a real Microsoft file and is needed by Windows.
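As an added example (not part of the original write-up), the Python check below scans a regedit export for autorun values that launch the two files named in the removal steps, covering both the Run key used there and the RunServices key mentioned earlier. The sample export is constructed, and the function and constant names are this example's own.

```python
import re

# Autorun keys named in the write-up (compared case-insensitively).
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
AUTORUN_KEYS = {BASE + r"\run", BASE + r"\runservices"}
# Files the write-up says to delete. The legitimate C:\WINDOWS\rundll.exe is
# deliberately absent: only the copy in the System subdirectory is the trojan.
BAD_COMMANDS = {r"c:\windows\system\mprdll", r"c:\windows\system\rundll"}

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(text):
    # regedit exports write \\ for a backslash and \" for a quote
    return re.sub(r"\\(.)", r"\1", text)

def _program(command):
    # First token of the command line, lower-cased, without quotes or ".exe"
    token = command.strip().strip('"').split(" ")[0].rstrip('"').lower()
    return token[:-4] if token.endswith(".exe") else token

def find_bigluck_autoruns(reg_text):
    """Return (key, value name, data) for autorun values launching the trojan's files."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None and key.lower() in AUTORUN_KEYS:
            m = VALUE_RE.match(line)
            if m and _program(_unescape(m.group(2))) in BAD_COMMANDS:
                hits.append((key, _unescape(m.group(1)), _unescape(m.group(2))))
    return hits

# Constructed sample in regedit's REGEDIT4 export format (not taken from a real host).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System"="C:\\WINDOWS\\System\\mprdll.exe"
"Systemdoor"="C:\\WINDOWS\\System\\rundll argp1"
"PowerProfile"="C:\\WINDOWS\\rundll.exe powrprof.dll,LoadCurrentPwrScheme"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe"
'''

if __name__ == "__main__":
    for key, name, data in find_bigluck_autoruns(SAMPLE):
        print(f"{key}: {name} = {data}")
```

The constructed "PowerProfile" entry launches the legitimate C:\WINDOWS\rundll.exe and is not reported, matching the warning above about which rundll.exe to leave alone.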