Anti Trojan Warfare


	Services Trojan info Chat Downloads About Us Contact Us Help Forum Support Us Search


	Brain Spy This trojan has the features of some of the earlier versions of subseven , it's a lot like netbus but it also has the chat with victim option that subseven has . Once executed , the server will open port 10101 tcp allowing the hacker access . This trojan seemed a bit buggy when I was researching it so I don't know if it actually works that well or if I had a bad copy . Removal : Open up regedit ( click on start , run , type regedit) and follow the following path . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Click on 'Run' and the righthand panel will change. Look for the item reading: ??? = "C:\WINDOWS\system\BRAINSPY .exe" The label for this trojan is set at random, however it will always point to the same exe file. Right click on the label and choose Delete. Next, on the left panel, click on RunServices. Find a key here which points to the same file, right click and delete it as well. Next, go back to the top of the Left panel, and (after closing HKEY_LOCAL_MACHINE) open >HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Repeat the same process here, in both Run and RunServices. Close regedit. Now reboot your pc , when your machine restarts you will need to go to start , then to find and type in the following file name brainspy.exe once your computer finds this file then delete it . Reboot and your pc is fixed …


	Coma This trojan doesn't do much , it has basic functions such as listen ( basically a streaming keylogger ) and open close cd rom ( hasn't this trick got a bit lame ?? ) The only dangerous part of this trojan is that it has ftp and a hacker can upload a more dangerous trojan using coma as an entry trojan . Most virus scanners pick up this trojan anyway so having a good virus scanner will help in detecting this one . Removal : Open regedit by going to start , then to run and typing regedit . Follow the following path HKEY_LOCAL_MACHINE\SOFTWARE\MicroSoft\Windows\CurrentVersion\Run In the run folder there will be a line that says 'RunTime' = C:\windows\msgsrv36.exe Delete this line . Press ctrl-alt-del ONCE and look for the word BackDoor , left click on that word then choose end task at the bottom of the box . Now go to start then to find and look for the following file msgsrv36.exe when windows finds it right click on it and choose delete . All done ,,,,,,,,,