
Hack Office Armageddon info (thanks to tyrant)
Default port used : 88798 (maybe it can be re-configured by sender)
auto-rename when opened = yes
possible renamed filenames =  shotokan/tyrant/masskill/destroits/hunkyponky/kickwall/syseditt/regeditt/wininin or shoushi
ability to choose what filename to be auto-renamed
registry name = decided upon configuration by the sender
functions : all of Netbus 2.0 Pro & Back Orifice & Master Paradise
: capture dial-in password
: repeated screendump
: install remote keylogger (records up to 5000 keys max)
: install a virus called wincorrupt.cih into memory
: can automatically open the CD-ROM once upon reaching the desktop
: change screen's resolution and colours
: change desktop's wallpaper
: ICQ/email notify
: auto-random rename every time the system restarts (filename is cycled among the 10 given)
: ICQ-like chat can be established
: getting the host's irc-related passwords
: getting the host's ICQ UIN
: getting the host's current irc nick
: can delete registry keys
: can enable mail capture (every mail you send out is also sent to the email address configured beforehand by the hacker)
Hack Office-Armageddon gives itself away by opening up (by default)

Drat
This is a nasty trojan. Drat has the ability to attack every .exe file on your computer, so when you run a file that has .exe as its extension, it will run the trojan. Deleting the trojan will really screw up your PC because it will disable all your executable files. It can be removed, but removal shouldn't be attempted by beginners.

Removal :
Restart your computer in MS-DOS mode. All of the steps below will be carried out in DOS.
You should be at a C:\windows\> prompt.
Any text in blue means you should type it on the DOS line.
Make sure you are at the C:\Windows\> prompt now.

rename shell32.exe shell32.___
This is the trojan, and renaming it keeps Windows from loading it again.
From this point on, Windows cannot run .exe and .bat files.

cd ..
This simply moves back one directory, into C:\

regedit /e file.reg hkey_classes_root\exefile\shell\open\command
This will export the registry key that needs to be edited, and place it in a file.

edit file.reg
Opens the file in your text editor.
In this file, look for the line that reads:
@="SHELL32 \"%1\" %*"
And edit so it reads:
@="\"%1\" %*"
Save the file and exit edit.

regedit file.reg
This imports the edit you just made back into the registry.

exit
You will now be taken back to Windows.
Verify that you can indeed run an .exe program without Windows asking to find shell32.

If Windows asks to find shell32, you will need to attempt these directions again.

Now you will need to delete shell32.___
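
The check behind the export-and-edit steps above can be automated. The following is an added example, not part of the original page: it parses a regedit text export and reports any shell\open\command handler whose default value is not the plain "%1" %* that the removal steps restore. The function names and the sample export are constructed for illustration, and the check is generalized to any handler key present in the export, not only exefile.

```python
import re

# Default value the removal steps above restore for exefile\shell\open\command.
EXPECTED = '"%1" %*'

# Constructed sample of what `regedit /e file.reg ...` writes on an infected
# machine (REGEDIT4 text format); not captured from a real system.
SAMPLE_INFECTED = (
    'REGEDIT4\n'
    '\n'
    '[HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command]\n'
    '@="SHELL32 \\"%1\\" %*"\n'
)
SAMPLE_CLEAN = SAMPLE_INFECTED.replace('SHELL32 ', '')


def unescape(value):
    """Undo .reg string escaping: backslash-quote and double backslash."""
    return re.sub(r'\\(["\\])', r'\1', value)


def default_commands(reg_text):
    """Map each [key] ending in shell\\open\\command to its default (@) value."""
    found, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            if key.lower().endswith('\\shell\\open\\command'):
                found[key] = unescape(line[3:-1])
    return found


def hijacked(reg_text):
    """Return {key: injected prefix} for handlers that differ from EXPECTED."""
    result = {}
    for key, cmd in default_commands(reg_text).items():
        if cmd != EXPECTED:
            # If the normal command is still at the end, report only what was
            # put in front of it; otherwise report the whole value.
            if cmd.endswith(EXPECTED):
                result[key] = cmd[:-len(EXPECTED)].strip()
            else:
                result[key] = cmd
    return result
```

Running hijacked() on the text of file.reg before and after the edit shows whether the SHELL32 prefix is still present.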