Ashley (1.1.0)
Server name: Ashley
Version: 1.1.0
Different versions: [1.0.1][1.1.0][1.1.02]
Tested: Yes, on Windows 95 and Windows NT
Server size: 13K, 16K or 16.5K 
Server files: ashley.exe
Server icon:

Infects: Windows 95/98/ME
Autoloads: No
Default port: NA
Can port be changed: No

Server Features

  • Destroy netstat
  • Display error message
  • Download and run a file
  • Mass server command
  • Spread via mIRC and/or Outlook

 
Comments 
Ashley 1.1.0 is an upload trojan. When running, Ashley downloads a file from a web site and then runs the downloaded file. Unlike other upload trojans this one can infect other computers via mIRC and Outlook. This version comes with 3 different servers. All of the servers download a file and then run the file, which is what the first server does. However the second tries to infect on mIRC and Outlook. The third tries to infect on mIRC and Outlook also, with a different method for the Outlook infecting. Note that Ashley, when modifying mIRC, changes the auto accept dcc files to true and changes the quit message to "Ashley". Ashley is programmed in Visual Basic and needs Visual Basic runtime files which reduces its chances to spread. Ashley 1.1.0 can have a customized error message displayed upon running Ashley. This version also has a mass server command. The Ashley servers will read a.txt from a web site and do one of the following: Stop all trojan activities, download the trojan again from the web site, ICQ notify, or destroy computer. 

How To Remove 
Quick fix: no quick fix programs
Manual removal:

  1. Delete the trojan file ashley_secret_xxx_diary.exe in the windows system directory. 

 
Related 
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.