GoFuckYourself.com - Adult Webmaster Forum


kenny 11-17-2003 02:26 AM

Trogan horse
 
My anti-virus software Northon will not detect this trogan horse on my machine. My firewall keeps reporting a hacker alert from a backdoor program "Deepthroat" trogan.


I updated the virus scanner and downloaded every single trogram remover program I could find. Nothing detects it.

Any suggestions?

Jon Levi 11-17-2003 02:27 AM

Quote:

Any suggestions?
Learn to spell fucker :321GFY

extreme 11-17-2003 02:31 AM

Trogan? Grogan?

LiveDose 11-17-2003 02:34 AM

what's up with the "g's" bro? Computer lisp?

kenny 11-17-2003 02:39 AM

so I spelled fucking trojan wrong.

I am also closing windows and programs are opened by a remote hacker.

took me 10 minutes to write this

LiveDose 11-17-2003 02:42 AM

relax. we were just goking...:1orglaugh

irishfury 11-17-2003 02:53 AM

Close off port 6670

raceman 11-17-2003 02:54 AM

Hey Kenny, I had a similar problem a while back. I edited all the files in the system32 folder, which is where the hacker dumped his/her kit. Sheeesh, I found all sorts in there, via the date/time stamp on the files. The stuff all looks like scripts for flooding and DDoS attacks on IRC.

Not saying it's gonna cure the whole problem, but at least you can screw the fucker up.

I only did this because I could not be assed reformatting. Oh yeah, and I ramped up the Norton Firewall to Warp factor 10, not had a problem since.


RACEMAN :thumbsup good luck

Tala 11-17-2003 02:55 AM

Zone Alarm pro

irishfury 11-17-2003 03:01 AM

This trojan adds a registry line not only when it's run, but when it's shut down.
Version 1 used the name System32, and versions 2 and 3 use the name SystemTray.
This key will be located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

For version 1, look for the item 'System32', which should point to the file c:\windows\system32.exe
Version 2 or 3 will be listed under the item 'Systemtray', and should point to c:\windows\systray.exe
(Note: If you have an item 'SystemTray' = 'Systray.exe' with no path, then this points to C:\windows\system\ and is OK. Only copies residing in C:\windows are potentially dangerous.)

Be careful in that c:\windows\system\systray.exe is a real system program, and should NOT be deleted.

There is also a version, actually a modification to the DeepThroat server, called 'Reduced Foreplay'.
The removals for this version are the same as v2.0 or 3.0, however it does not have a numerical version.


First note the program/version it points to.. you will need to delete it later.

Next, go to start and shutdown.. Restart the computer in MSDos mode.
You should have a C:\windows prompt .. if not cd c:\windows to get to the right directory, and then delete the exe you found and noted using regedit. (del filename.exe)
Then type Exit to get back to windows, and then reboot your system.
After the reboot, go back to regedit and remove the registry entry. There is no need to reboot again, as the trojan was deleted.

That's it. You should be uninfected!

For reference, DeepThroat's server is 305k in size and will open 3 ports. TCP 6670 for others to scan (But this will Not show in netstat), and UDP 3150 + 2140.
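
The Run-key check described in the post above, as an added example that is not part of the original thread: it flags only the value names and paths the post lists and treats the bare `Systray.exe` entry as legitimate. The sample values are constructed, `classify`, `scan` and `read_run_values` are hypothetical helper names, and the Windows directory is assumed to be `c:\windows` as in the post.

```python
import ntpath
import sys

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Value name -> infected target, per the post (assumes Windows in c:\windows).
SUSPECT = {
    "system32": r"c:\windows\system32.exe",    # version 1
    "systemtray": r"c:\windows\systray.exe",   # versions 2 and 3
}
# The post's exception: the real systray.exe lives in c:\windows\system\.
LEGIT_SYSTRAY = ("systray.exe", r"c:\windows\system\systray.exe")

def classify(name, data):
    """Return 'suspicious', 'ok', 'review' or 'unrelated' for one Run value."""
    key = name.strip().lower()
    if key not in SUSPECT:
        return "unrelated"
    target = ntpath.normpath(data.strip().strip('"')).lower()
    if target == SUSPECT[key]:
        return "suspicious"
    if key == "systemtray" and target in LEGIT_SYSTRAY:
        return "ok"
    return "review"  # known value name, unexpected target: inspect by hand

def scan(values):
    results = {name: classify(name, data) for name, data in values.items()}
    return {n: r for n, r in results.items() if r != "unrelated"}

def read_run_values():
    """Read the HKLM Run key on a live Windows host."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _ = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values

# Constructed sample values, used when not running on Windows.
SAMPLE = {
    "SystemTray": "SysTray.Exe",
    "System32": r"C:\WINDOWS\system32.exe",
    "Updater": r"C:\Program Files\Example\upd.exe",
}

if __name__ == "__main__":
    values = read_run_values() if sys.platform == "win32" else SAMPLE
    for name, verdict in scan(values).items():
        print(f"{name}: {verdict}")
```

A `review` verdict means the value name matches but the target is neither the path the post lists nor the known-good `systray.exe`, so it needs a manual look rather than deletion.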

