|
Fakeftp
Fake ftp is a basic trojan , it installs an ftp server on the victims computer , if you don't know what a ftp server is , it's a file transfer server allowing the hacker access to the victims files where the hacker can doiwnload , upload delete etc .
Another interesting thing about this trojan is it isnt the uasal executable type of file ( .exe ) but instead it comes in a made up file format called .tww . The trojan will make windows treat this as a executable and infect the victim . This trojan will run on windows 95/98 and also windows NT
How to remove this trojan :
Open RegEdit. Click on Start, and choose Run. In the box type regedit, then click Run.
You can click on the + boxes to open a folder. You will want to open folders to follow this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
When you click on Run, the right hand panel will change.
You should see an item titled Rundll32 = rundll3.tww /h
Right click on the Rundll32 label and choose Delete.
Repeat this with the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
You should see an item titled Rundll32 = rundll3.tww /h
Right click on the Rundll32 label and choose Delete.
Close regedit to save these changes.
Next, open windows explorer, and open your C:\windows\ folder.
You will want to find and delete the following three files:
rundll3.bat - 9x.reg - nt.reg
Then you will want to restart your computer, this will remove the trojan from memory.
When the system starts up, use the windows Find command and search for rundll3.tww
Delete Any instance of this that shows. There should be atleast one copy in c:\windows\ and one in C:\windows\temp\
|
|
