|
Deepthroat
Deepthroat is one of the more advanced trojans , and many trojans have based there features on deepthroat . It was also , to my knowledge , the first trojan to have icq notify ability , where the victims pc sends a wwpager message to the hackers icq number with needed details like ip etc so the hacker can hack the victim every time the victim goes online .
This trojan adds a registry line not only when its run, but when its shutdown.
Version 1 used the name System32, and version 2 and 3 uses the name SystemTray.
This key will be located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
For version 1, look for the item 'System32', which should point to the file c:\windows\system32.exe
Version 2 or 3 will be listed under the item 'Systemtray', and should point to c:\windows\systray.exe
(Note: If you have an item 'SystemTray' = 'Systray.exe' with no path, then this points to C:\windows\system\ and is OK. Only copies residing in C:\windows are potentially dangerous.)
Be careful in that c:\windows\system\systray.exe is a real system program, and should NOT be deleted.
First note the program/version it points to.. you will need to delete it later.
Next, go to start and shutdown.. Restart the computer in MSDos mode.
You should have a C:\windows prompt .. if not cd c:\windows to get to the right directory, and then delete the exe you found and noted using regedit. (del filename.exe)
Then type Exit to get back to windows, and then reboot your system.
After the reboot, go back to regedit and remove the registry entry. There is no need to reboot again, as the trojan was deleted.
|
|
