
Thread: doly trojan 1.1 and some other stuff

  1. #1
    Junior Member
    Join Date
    Jul 2001
    Posts
    2

    doly trojan 1.1 and some other stuff

    Hi people,
    I know, you don't like these things.
    I found out that the server of my school is infected by the following trojans:
    doly trojan 1.1
    Antigen
    Executor
    Wingate socket Proxy
    so, does anybody know where I can get one of them, especially doly trojan 1.1

  2. #2
    Member
    Join Date
    Sep 2001
    Posts
    77
    From the server at your school
    I'm not a BOT I'm a beer droid!
    Prepare to be Assimilated.

  3. #3
    Old-Fogey:Addicts founder Terr
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007

    Re: doly trojan 1.1 and some other stuff

    Originally posted by sakara
    Hi people,
    I know, you don't like these things.
    I found out that the server of my school is infected by the following trojans:
    doly trojan 1.1
    Antigen
    Executor
    Wingate socket Proxy
    so, does anybody know where I can get one of them, especially doly trojan 1.1
    So you WANT them, not to REMOVE them? Well, there goes a large percentage of my intended post. If you want them, just go get infected. And toss in Netbus, BO, Sockets de Trois, Exbuz, script.ini, while you are at it... Just make sure you are good and infected, otherwise they might get away!
    [HvC]Terr: L33T Technical Proficiency

  4. #4
    Sakara, I really like that, because hacking was my profession, or you can say that is my profession. About Doly Trojan: according to you, your school lab is infected by version 1.1. As far as I know this version has been outdated; currently Doly 1.5, 1.6 and 1.7 are available. Among them 1.7 is the most powerful trojan, because you can connect via your victim to another person; I mean you can connect to a third person with the help of your victim via your connection through Doly.

    About the 1.1 version, I don't think you will find it anywhere, but I'm looking for its port. If you have its port number I can do the needful; I'm sure one can connect with DOLY 1.7 using the port of DOLY 1.1.

    Send me the port number and we will see what we can do.

  5. #5
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    KakoKoOl, you sure sound like a 'professional' hacker...

    BTW: Doly Trojan version 1.70 Second Edition and 2.0 beta are available for you 'professional' hackers...

    And for those not so 'professional' hackers:

    How to Remove Doly Trojan

    The first eight steps involve editing the registry and although the steps are relatively easy, I cannot be held responsible if a mistake is made. Please use caution.

    Step 1.
    Click START | RUN
    type REGEDIT and hit ENTER

    Step 2.
    In the left window, click the "+" (plus sign) to the left of the following:
    HKEY_LOCAL_MACHINE
    Software
    Microsoft
    Windows
    CurrentVersion
    Run

    Step 3.
    In the right window, look for a registry key with a Data value that loads the "tesk.exe" file. This is the registry key that provides the ability to load the server portion of the trojan whenever the PC is started.

    Step 4.
    In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.

    Step 5.
    In the left window, click the "+" (plus sign) to the left of the following:
    HKEY_CURRENT_USER
    Software
    Microsoft
    Windows
    CurrentVersion
    Run

    Step 6.
    In the right window, look for a registry key with a Data value that loads the "tesk.exe" file. This is the registry key that provides the ability to load the server portion of the trojan whenever the PC is started.

    Step 7.
    In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.

    Step 8.
    Exit the Registry

    Step 9.
    Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.

    Step 10.
    After the computer has restarted, change to the WINDOWS or WINDOWS\SYSTEM directory (e.g. CD WINDOWS or CD WINDOWS\SYSTEM) and delete the "tesk.exe" file (e.g. DEL tesk.exe).

    Step 11.
    Press CTRL-ALT-DEL and allow Windows to restart.

    Congratulations, Doly Trojan has now been removed from your system
    Since I'm a 'professional' hacker, I copy and pasted this how-to...

  6. #6
    Junior Member
    Join Date
    Oct 2001
    Posts
    13

    hehehe

    well I think that makes me an amateur 'hacker' then, Negative.

    Just a thought...sakara why do you THINK that the server is infected with these trojans???

    If you did it via a port scan they are not necessarily infected. What network software are they running? The ports may be open for other reasons.

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    752

    Red face

    Yea, sure....you really sound like you know what you're doing.........*snicker*. I don't think you would know what to do with a trojan if you had one. Do you even know what a trojan is?

  8. #8
    Junior Member
    Join Date
    Oct 2001
    Posts
    13

    why why why?

    now why would you think a thing like that????

    Trojan Horse:

    A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

    The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.


    I'm sorry that you seem to think that a port can only be used by one program......

  9. #9
    Originally posted by Negative
    KakoKoOl, you sure sound like a 'professional' hacker...

    BTW: Doly Trojan version 1.70 Second Edition and 2.0 beta are available for you 'professional' hackers...

    And for those not so 'professional' hackers:



    Since I'm a 'professional' hacker, I copy and pasted this how-to...
    My friend, so far so good, but if you see, Sakara is looking for the trojan, not to remove it. He/she wants to hack into the systems of the school; he doesn't want to remove it. If he wants to remove the trojan, well, he can do that via software quite easily; no need to run regedit and go into the registry looking for it.

  10. #10
    Old-Fogey:Addicts founder Terr
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Just Re Doly 1.1, here's a copy paste off of a Doly removal page... An old page I made when I helped out in Dalnet #NoHack... So it's my words, okay? I just felt: Hey, I've got the info here, why not get the old thing out?
    -------------------------------

    Names: Setup.exe (pretends to be a memory manager
    program.)
    Affects: Windows 9x
    Size:
    The Doly trojan, although not as common as some of the others,
    nevertheless poses a danger to your computer. An interesting feature is its ability to
    connect to IRC and thus notify people that you are infected.

    Single button 'format harddisk' command

    FTP server of harddrive

    Can change 'owner name' shown in System control panel.

    Change window names, close, move, etc windows.

    Change most monitor settings.

    Thus far it is not possible to remove the Doly Trojan with a program, so
    manual removal is needed. Please come to #NoHack and have an Op help if
    you are not sure you can do it yourself.

    There are a few versions of the Doly trojan, from version 1.1 to 1.5, but
    we only have information on 1.1 and 1.35 removal.

    1.1 and 1.5 both add the following files:
    C:\WINDOWS\SYSTEM\Tesk.sys
    C:\WINDOWS\Start Menu\Programs\Startup\MStesk.exe
    C:\Program Files\MStesk.exe
    And 1.5 Adds:
    c:\Program Files\Mdm.exe

    Like SubSeven, Doly can not be deleted from within windows because the
    programs are in use. You must first go MS-DOS mode to remove the files.
    After that, you'll want to remove its startup entries.

    There is one in c:\windows\win.ini, under a line beginning in either
    run= or load= .

    It adds registry lines to
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    \Ms tesk = "C:\Program Files\MStesk.exe"

    And keeps its settings information in:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ss

    Then you should remove two entries in autoexec.bat, namely:
    @echo off copy c:\sys.lon c:\windows\StartMenu\Startup Items\
    del c:\win.reg
    And then delete c:\sys.lon.
    [HvC]Terr: L33T Technical Proficiency
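
The file and startup-entry names given in the two removal write-ups above can be checked directly on the host, which is stronger evidence than an open port seen in a scan. The following is an added example, not part of any post in this thread: it scans a REGEDIT4-style registry export plus win.ini and autoexec.bat text for those names. The function names and sample inputs are constructed for illustration, and the file the win.ini entry points to is an assumption, since the thread does not state it.

```python
# Indicator names come from the removal notes in this thread.
NAMES = ("tesk.exe", "tesk.sys", "sys.lon", "win.reg")  # tesk.exe also matches MStesk.exe
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
SETTINGS_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\ss"

def scan_reg_export(text):
    """Flag Run values that load tesk.exe/MStesk.exe, and the 'ss' settings key."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # current registry key header
            if key.lower() == SETTINGS_KEY:
                findings.append(("settings-key", key, ""))
        elif "=" in line and key.lower().endswith(RUN_SUFFIX):
            name, _, data = line.partition("=")   # "value name"="data"
            if "tesk.exe" in data.lower():
                findings.append(("run-value", key, name.strip('"')))
    return findings

def scan_startup_text(filename, text):
    """Flag win.ini run=/load= lines, or any autoexec.bat line, naming a listed file."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if filename == "win.ini" and not line.lower().startswith(("run=", "load=")):
            continue                              # only startup lines matter in win.ini
        if any(n in line.lower() for n in NAMES):
            findings.append((filename, line))
    return findings

# Constructed sample inputs (not captured from a real machine).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ms tesk"="C:\\Program Files\\MStesk.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ss]
'''
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\tesk.exe\n"  # path assumed
SAMPLE_AUTOEXEC = ("@echo off\ncopy c:\\sys.lon c:\\windows\\StartMenu\\Startup Items\\\n"
                   "del c:\\win.reg\nSET PATH=C:\\WINDOWS\n")

if __name__ == "__main__":
    hits = (scan_reg_export(SAMPLE_REG) + scan_startup_text("win.ini", SAMPLE_WIN_INI)
            + scan_startup_text("autoexec.bat", SAMPLE_AUTOEXEC))
    for hit in hits:
        print(hit)
```

A clean result from this check does not rule out other versions, since the thread only lists artifacts for a few of them.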
