--ooOoo--
Trojan Stuff
-
Trojans can be considered a backdoor to your system, i.e. "illegal" spying inside your PC.
-
Trojans are programs acting as servers that respond to their clients via selected ports.
-
Be very cautious when downloading programs, because some of these trojans are embedded even inside hacking programs.
Always download anything from the primary source.
When downloading a trojan tool, please remember that you are actually downloading 2 parts of a program:
the server part and the client part. Most people end up activating the server part when playing with such tools!
(The server part should remain INACTIVE unless you want to let others peek inside your clothes?)
Always back up your Windows registry files. You can use the scanreg command in Win98 (via Start menu - Run) or
manually copy SYSTEM.DAT and USER.DAT from the WINDOWS directory.
Suppose your Windows is in C:\WINDOWS.
Go to the DOS prompt. Type
cd \windows
attrib *.da? -s -h -r
xcopy *.da? \windows\regbkp (where regbkp is a directory to store your files)
Besides, make sure you copy the WSOCK*.* files in your SYSTEM directory to a safe place.
Some worms/trojans modify these WSOCK files to annoy you later.
cd \windows\system
xcopy WSOCK*.* C:\windows\regbkp
Lastly, make sure you have the latest WINSOCK files. These files are available at the Microsoft site.
They are distributed under the DUN (Dial-Up Networking) package. Perform a backup after updating your winsock.
-
Solution:
You can download/study trojans/cleaners from
- The Trojan Info Page. The site gives full details, which I recommend reading, or
- Get The Cleaner
- Download Norton freeNAV
- or you can trace back with Nuke Nabber (after adding the trojan ports in the Advanced section)
- finally, always check with Windows regedit (Start - Run - regedit) for any unknown program inside this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
- or inspect with this Windows DOS prompt command (make sure no port listener such as NukeNabber/Genius is running while checking):
netstat -an|more
(Back Orifice possibly replies with:
UDP 0.0.0.0:31337 *:*
NetBus possibly replies with:
TCP 0.0.0.0:12345 *:*
TCP 0.0.0.0:12346 *:* )
-
Use Nuke Nabber
(and add these trojan ports by
clicking File/Options/Advanced/ -move down if it's not there, then- Add Modify Port/fill in)
port 21 - Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash
port 23 - Tiny Telnet Server
port 25 - Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator, WinPC, WinSpy
port 31 - Hackers Paradise
port 80 - Executor
port 456 - Hackers Paradise
port 555 - Ini-Killer, Phase Zero, Stealth Spy
port 666 - Satanz Backdoor
port 1001 - Silencer, WebEx
port 1011 - Doly Trojan
port 1170 - Psyber Stream Server, Voice
port 1234 - Ultors Trojan
port 1245 - VooDoo Doll
port 1492 - FTP99CMP
port 1600 - Shivka-Burka
port 1807 - SpySender
port 1981 - Shockrave
port 1999 - BackDoor
port 2001 - Trojan Cow
port 2023 - Ripper
port 2115 - Bugs
port 2140 - Deep Throat, The Invasor
port 2801 - Phineas Phucker
port 3024 - WinCrash
port 3129 - Masters Paradise
port 3150 - Deep Throat, The Invasor
port 3700 - Portal of Doom
port 4092 - WinCrash
port 4590 - ICQTrojan
port 5000 - Sockets de Troie
port 5001 - Sockets de Troie
port 5321 - Firehotcker
port 5400 - Blade Runner
port 5401 - Blade Runner
port 5402 - Blade Runner
port 5569 - Robo-Hack
port 5742 - WinCrash
port 6670 - DeepThroat
port 6771 - DeepThroat
port 6969 - GateCrasher, Priority
port 7000 - Remote Grab
port 7300 - NetMonitor
port 7301 - NetMonitor
port 7306 - NetMonitor
port 7307 - NetMonitor
port 7308 - NetMonitor
port 7789 - ICKiller
port 9872 - Portal of Doom
port 9873 - Portal of Doom
port 9874 - Portal of Doom
port 9875 - Portal of Doom
port 9989 - iNi-Killer
port 10067 - Portal of Doom
port 10167 - Portal of Doom
port 11000 - Senna Spy
port 11223 - Progenic trojan
port 12223 - Hack'99 KeyLogger
port 12345 - GabanBus, NetBus
port 12346 - GabanBus, NetBus
port 12361 - Whack-a-mole
port 12362 - Whack-a-mole
port 16969 - Priority
port 20001 - Millennium
port 20034 - NetBus 2 Pro
port 21544 - GirlFriend
port 22222 - Prosiak
port 23456 - Evil FTP, Ugly FTP
port 26274 - Delta
port 31337 - Back Orifice
port 31338 - Back Orifice, DeepBO
port 31339 - NetSpy DK
port 31666 - BOWhack
port 33333 - Prosiak
port 34324 - BigGluck, TN
port 40412 - The Spy
port 40421 - Masters Paradise
port 40422 - Masters Paradise
port 40423 - Masters Paradise
port 40426 - Masters Paradise
port 47262 - Delta
port 50505 - Sockets de Troie
port 50766 - Fore
port 53001 - Remote Windows Shutdown
port 61466 - Telecommando
port 65000 - Devil
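An added example, not part of the original page: this Python function parses `netstat -an` output and reports listening sockets whose port appears in the list above. The netstat text is a constructed sample, KNOWN_PORTS is only a subset of the page's list, and the function and variable names are assumptions.

```python
import re

# Subset of the port list above (port -> names exactly as listed on this page).
KNOWN_PORTS = {
    21: "Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash",
    1234: "Ultors Trojan",
    12345: "GabanBus, NetBus",
    12346: "GabanBus, NetBus",
    20034: "NetBus 2 Pro",
    31337: "Back Orifice",
    31338: "Back Orifice, DeepBO",
}

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12346          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1234       10.0.0.7:80            ESTABLISHED
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
"""

# proto, local address, local port, foreign address, optional state column
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def find_suspect_listeners(netstat_text, known=KNOWN_PORTS):
    """Return (proto, port, names) for listening sockets on listed ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or a row in another format
        proto, _local, port, _foreign, state = m.groups()
        # Rows with a state other than LISTENING are skipped: an outbound
        # connection can use a listed number as its temporary local port.
        # UDP rows (and the short rows quoted on this page) have no state.
        if state not in (None, "LISTENING"):
            continue
        port = int(port)
        if port in known:
            hits.append((proto, port, known[port]))
    return hits

if __name__ == "__main__":
    for proto, port, names in find_suspect_listeners(SAMPLE):
        print(f"{proto} {port}: possible {names}")
```

Ports such as 21, 25 and 80 are also used by ordinary FTP, mail and web servers, so a hit is something to investigate rather than proof of a trojan.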
Trojan Dangerous Stuff
-
Now you know: hackers or big brother agents probe your computer's ports
and try to identify what sort of system you are using and whether any
unprotected doors are left open.
Using such holes they can spy on you, plus do notorious stuff such as:
- your surfing sessions in your browser cache
- your passwords file in the Netscape user preference file
- install customised password-protected trojans at unknown ports
- install a probe to their ICQ no. whenever they are online
- look for password files of FTP programs on your PC
- retrieve all your passwords in Dial-Up Networking, *.PWL
- or the passwords to your internet WWW servers and routers!
- and finally
- render your Windows useless by
attrib -s -h -r *.da?
del *.da?
in c:\windows
Other Anti Trojan Tools Stuff
-
The idea is to protect, block, and log any attempt to probe unknown
ports on your system.
This is what people call a Port Listener/PC firewall.
Choose any suitable program below, but make sure it does not slow down your PC.
Some of these tools are copy protected but you can search for
the crack using batman's collections. (I can't link from here - dangerous!)
--ooOoo--