Exploiter (1.4)
Server name: Exploiter
Version: 1.4
Different versions:  [1.0 beta][1.0][1.1 delta][1.2][1.3 beta][1.3 delta][1.4]
Tested: Yes, on Windows 95 and Windows NT
Server size: 334K
Server files: server.exe
Server icon:

Infects: Windows 95/98/ME
Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: Server.exe and Server
Default port: 21554 TCP
Can port be changed: Yes

Server Features

  • Caps lock on/off
  • Change IE start page
  • Change wallpaper
  • Chat with server
  • Disable/enable ALT-CTRL-DEL
  • Disable/enable ALT-TAB
  • Disconnect modem
  • Download file
  • Email notification
  • Get AIM passwords
  • Get AOL passwords
  • Get ICQ passwords
  • Get passwords
  • Get screen shot
  • Get time
  • Hide/show clock
  • Hide/show desktop
  • Hide/show start button
  • Hide/show system tray
  • Hide/show task bar
  • ICQ notification
  • Logoff, power off, reboot or shutdown windows
  • File manager
  • Monitor on/off
  • Mouse on/off
  • Nums lock on/off
  • Open/close CD-Rom
  • Ping server
  • Play sound
  • Send email through server
  • Send ICQ page through server
  • Send message
  • Show picture
  • Vlew/close applications

 
Comments 
Exploiter 1.4 is a trojan with many features. Exploiter 1.4 delta can send email and/or ICQ pages through the server. This means someone could use your computer to send email and if the email was traced it would be your computer. This version now has an edit server program. This edit server program allows various notification methods to be configured. The following methods can be used for notification: calling a specific phone number, SMS message (cell phone messages), ICQ pages to a ICQ UIN and email to a specific email address. When we tested the Exploiter server it simply crashed. When we tried to use the client it simply crashed also. 

How To Remove 
Quick fix: no quick fix programs
Manual removal:

  1. Remove the Server.exe and key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run  Which can be done with regedit or any other registry editing program. 
  2. Reboot the computer or close Server.exe.
  3. Delete the trojan file Server.exe in the windows directory. 

 
Related 
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.