Backdoor
Server name: BackDoor
Version: 2.03
Different versions: NA
Server sizes: 10K (icqnuke) 100K (readme)
Server files: icqnuke.exe, readme.exe
Server icons:

Infects: Windows 95/98/ME/NT/2000
Autoloads: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: Notepa
Default port: 1999
Can port be changed: Yes

Server Features

  • Chat with server
  • Disable alt-ctrl-del and ctrl-esc
  • File manger
  • Get computename/netname/username
  • Hide Task Bar
  • Lock mouse
  • Open/Close CD rom
  • Popup error msg
  • View tasks running
  • Window controls (Show, rename, hide, etc...) 

 
Comments 
BackDoor 2.03 is a Visual Basic trojan. The trojan comes with two files icqnuke.exe and readme.exe. When icqnuke.exe was ran it moved readme.exe to notpa.exe in the windows directory.

How To Remove 
Quick fix: no quick fix programs
Manual removal:

  1. Delete the registry key named notpa located at KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\.    This can be done using regedit or another registry editing program.
  2. Reboot the computer or close the trojan.
  3. Delete the trojan file notpa in the windows directory
Related 
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.