Services    Trojan info    Chat    Downloads      About Us      Contact  Us     Help Forum     Support Us    Search

Blade runner
Blade runner is your average client server type trojan , much the same as netbus , it is more difficult to remove though.
Blade runner opens the following ports on an infected computer 5400 , 5401, 5402 and port 21.
To remove bladerunner follow these steps:
First. click Start, and go to Run. In the box, type regedit and click OK.
When regedit starts, you will see a file-like tree on the left hand panel. Open the folders to follow the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Click on 'Run' and the right-hand panel will change. Look for an item titled:
System-Tray = "c:\something\something.exe"
The path to the program can be anything, and you will need to write this down or remember it for the next step.
There is also no need to delete this line yet, as the trojan will simply put it back.
Next, go to Start -> shutdown. Select 'Restart the computer in MS-DOS mode.' and click OK.
When your computer is at the C:\windows\ prompt, type the following:
del line-from-above
Replace line-from-above with the path you wrote down from the registry above.
With the above example, you would type:
del c:\something\something.exe
Then type exit to return to windows.
Next, start regedit again and follow the same steps as you did first in this document.
This time, you need to delete the line you wrote down.

Antilaw
Antilaw is a German trojan that was written in the Delphi programming language , it is your typical remote access trojan and it consists of the following files
aNtIlAw, v1,02.exe
which is the client or "control" part of the back door; and:
sErVeR v1,01.exe
which is the actual server program.
Once the server has been run, it puts itself into the windows directory as the file suck.exe and modifies the following registry key to start suck.exe when the machine is next booted.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
The server deletes itself from the location from which it was first run, leaving only a copy of suck.exe in the windows directory. The suck.exe file runs as a service and waits for a connection on port 852. The client connects to the server and provides the ability for the malicious user to browse through the victim's files and read, modify and delete them at will. The client also provides limited control over the target machine, including the ability to log off, reboot the machine, and manipulate the task bar. It can also display pop-up windows messages and alter the mouse position control.