-
October 1st, 2001, 09:42 PM
#1
Junior Member
doly trojan 1.1 and some other stuff
Hi people,
I know, you don't like these things.
I found out that the server of my school is infected by the following trojans:
doly trojan 1.1
Antigen
Executor
Wingate socket Proxy
So, does anybody know where I can get one of them, especially doly trojan 1.1?
-
October 1st, 2001, 09:54 PM
#2
Member
From the server at your school
I'm not a BOT I'm a beer droid!
Prepare to be Assimilated.
-
October 2nd, 2001, 12:05 AM
#3
Re: doly trojan 1.1 and some other stuff
Originally posted by sakara
Hi people,
I know, you don't like these things.
I found out that the server of my school is infected by the following trojans:
doly trojan 1.1
Antigen
Executor
Wingate socket Proxy
So, does anybody know where I can get one of them, especially doly trojan 1.1?
So you WANT them, not to REMOVE them? Well, there goes a large percentage of my intended post. If you want them, just go get infected. And toss in Netbus, BO, Sockets de Trois, Exbuz, script.ini, while you are at it... Just make sure you are good and infected, otherwise they might get away!
[HvC]Terr: L33T Technical Proficiency
-
October 9th, 2001, 04:58 PM
#4
Sakara i really like that cause hacking was my profession or u can say that is my profession. Abt. Doly Trojan: according to u ur school lab is infected by the version 1.1. As far as i know this version has been outdated, currently Doly 1.5, 1.6 and 1.7 are available. Right, among them 1.7 is the most powerful trojan cause u can connect via ur victim to another person, i mean u can connect to a third person with the help of ur victim via ur connected through Doly.
Abt. 1.1 version, i don't think so u will find it anywhere but im looking for its port. If u have its port number i can do the needful, i m sure one can connect with DOLY 1.7 using port of DOLY 1.1.
Send me the port number and we will c what we can do.
-
October 9th, 2001, 05:26 PM
#5
KakoKoOl, you sure sound like a 'professional' hacker...
BTW: Doly Trojan version 1.70 Second Edition and 2.0 beta are available for you 'professional' hackers...
And for those not so 'professional' hackers:
How to Remove Doly Trojan
The first eight steps involve editing the registry and although the steps are relatively easy, I cannot be held responsible if a mistake is made. Please use caution.
Step 1.
Click START | RUN
type REGEDIT and hit ENTER
Step 2.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run
Step 3.
In the right window, look for a registry key with a Data value that loads the "tesk.exe" file. This is the registry key that provides the ability to load the server portion of the trojan whenever the PC is started.
Step 4.
In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
Step 5.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Run
Step 6.
In the right window, look for a registry key with a Data value that loads the "tesk.exe" file. This is the registry key that provides the ability to load the server portion of the trojan whenever the PC is started.
Step 7.
In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
Step 8.
Exit the Registry
Step 9.
Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.
Step 10.
After the computer has restarted, change to the WINDOWS or WINDOWS\SYSTEM directory (e.g. CD WINDOWS or CD WINDOWS\SYSTEM) and delete the "tesk.exe" file (e.g. DEL tesk.exe).
Step 11.
Press CTRL-ALT-DEL and allow Windows to restart.
Congratulations, Doly Trojan has now been removed from your system
Since I'm a 'professional' hacker, I copy and pasted this how-to...
-
October 10th, 2001, 03:53 AM
#6
Junior Member
hehehe
well i think that makes me an amateur 'hacker' then Negative.
Just a thought...sakara why do you THINK that the server is infected with these trojans???
If you did it via a port scan they are not necessarily infected. What network software are they running? The ports may be open for other reasons.
-
October 10th, 2001, 04:03 AM
#7
Yea, sure....you really sound like you know what you're doing.........*snicker*. I don't think you would know what to do with a trojan if you had one. Do you even know what a trojan is?
-
October 10th, 2001, 04:11 AM
#8
Junior Member
why why why?
now why would you think a thing like that????
Trojan Horse:
A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.
I'm sorry that you seem to think that a port can only be used by one program......
-
October 10th, 2001, 06:08 AM
#9
Originally posted by Negative
KakoKoOl, you sure sound like a 'professional' hacker...
BTW: Doly Trojan version 1.70 Second Edition and 2.0 beta are available for you 'professional' hackers...
And for those not so 'professional' hackers:
Since I'm a 'professional' hacker, I copy and pasted this how-to...
My friend, so far so good, but if u C that Sakara is looking for the Trojan not to remove it, he/she wants to hack into the systems of the school. He doesn't want to remove it; if he wants to remove the trojan, well he can do that via software quite easily, no need to run regedit and go into the registry looking for it.
-
October 10th, 2001, 07:35 AM
#10
Just Re Doly 1.1, here's a copy paste off of a Doly removal page... An old page I made when I helped out in Dalnet #NoHack... So it's my words, okay? I just felt: Hey, I've got the info here, why not get the old thing out?
-------------------------------
Names: Setup.exe (pretends to be a memory manager program.)
Affects: Windows 9x
Size:
The Doly trojan, although not as common as some of the others, nevertheless poses a danger to your computer. An interesting feature is its ability to connect to IRC and thus notify people that you are infected.
Single button 'format harddisk' command
FTP server of harddrive
Can change 'owner name' shown in System control panel.
Change window names, close, move, etc windows.
Change most monitor settings.
Thus far it is not possible to remove the Doly Trojan with a program, so
manual removal is needed. Please come to #NoHack and have an Op help if
you are not sure you can do it yourself.
There are a few versions of the Doly trojan, from version 1.1 to 1.5, but
we only have information on 1.1 and 1.35 removal.
1.1 and 1.5 both add the following files:
C:\WINDOWS\SYSTEM\Tesk.sys
C:\WINDOWS\Start Menu\Programs\Startup\MStesk.exe
C:\Program Files\MStesk.exe
And 1.5 Adds:
c:\Program Files\Mdm.exe
Like SubSeven, Doly can not be deleted from within windows because the
programs are in use. You must first go MS-DOS mode to remove the files.
After that, you'll want to remove its startup entries.
There is one in c:\windows\win.ini, under a line beginning in either
run= or load= .
It adds registry lines to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
\Ms tesk = "C:\Program Files\MStesk.exe
And keeps its settings information in:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ss
Then you should remove the entries in autoexec.bat, namely:
@echo off copy c:\sys.lon c:\windows\StartMenu\Startup Items\
del c:\win.reg
And then delete c:\sys.lon.
[HvC]Terr: L33T Technical Proficiency
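A defender's check for the startup entries named in the two removal write-ups above (posts #5 and #10), added here as an example and not code from any poster in this thread. It assumes the Run keys were exported to text with regedit and that win.ini and autoexec.bat were copied off the machine; the function names and the sample inputs are constructed for illustration.

```python
import re

# File names listed in the two removal write-ups in this thread.
# mdm.exe is also the name of a legitimate Windows component: treat a hit as a lead.
DOLY_FILES = ("tesk.exe", "mstesk.exe", "tesk.sys", "mdm.exe", "sys.lon")
RUN_KEY = re.compile(r"^\[(HKEY_(?:LOCAL_MACHINE|CURRENT_USER))\\Software\\Microsoft"
                     r"\\Windows\\CurrentVersion\\Run\]$", re.I)

def _hits(text):
    """Indicator names in text, matched as whole file names (tesk.exe != MStesk.exe)."""
    low = text.lower()
    return [f for f in DOLY_FILES
            if re.search(r"(?<![\w.])" + re.escape(f) + r"(?![\w.])", low)]

def scan_reg_export(text):
    """Return (hive, value name, indicator) for Run-key values in a REGEDIT4 export."""
    findings, hive = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):            # a new key header starts here
            m = RUN_KEY.match(line)
            hive = m.group(1) if m else None
        elif hive and line.startswith('"'):  # "name"="data" under a Run key
            name, _, data = line.partition("=")
            findings += [(hive, name.strip('"'), f) for f in _hits(data)]
    return findings

def scan_startup_text(text, only=None):
    """Return (line number, indicator); only=('run=', 'load=') limits to win.ini keys."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if only and not s.lower().startswith(only):
            continue
        out += [(n, f) for f in _hits(s)]
    return out

# Constructed sample inputs (not taken from a real machine).
REG_SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Ms tesk"="C:\\WINDOWS\\SYSTEM\\tesk.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ms tesk"="C:\\Program Files\\MStesk.exe"
'''
WIN_INI_SAMPLE = "[windows]\nload=\nrun=C:\\Program Files\\MStesk.exe\n"
AUTOEXEC_SAMPLE = "@echo off\ncopy c:\\sys.lon c:\\windows\\StartMenu\\\ndel c:\\win.reg\n"

if __name__ == "__main__":
    print(scan_reg_export(REG_SAMPLE))
    print(scan_startup_text(WIN_INI_SAMPLE, ("run=", "load=")))
    print(scan_startup_text(AUTOEXEC_SAMPLE))
```
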