BackWeb Server

BackWeb Server (Deep Throat 2)
Server name: BackWeb Server
Version: Na
Different versions: None
Tested: Yes, on Windows 95 and Windows NT
Server size: 390K
Server files: systempatch.exe
Server icon:

Infects: Windows 95/98/ME
Autloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: Systemtray
Default port: 6670
Can port be changed: Yes

Server Features

Deep Throat 2 features

Comments
BackWeb Server is a fake Deep Throat 2 server. It has all the features and infects the same way. The only difference is it unpacks webserver.exe which pops up a fake error when running.

How To Remove
Quick fix: no quick fix programs
Manual removal:

Remove the Systemtray key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program
Reboot the computer or close Windll.exe
Delete the trojan files pddt.dat, systemio.exe, acde.dat, acdt.dat in the windows system directory.

Related
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page

Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved.
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal.
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.