The Infector (1.7)
Server name: The Infector 
Version: 1.7
Different versions:  [1.0][1.3][1.4][1.4.2][1.6][1.6.3][1.7][1.7 version 2][17 bonus]
Tested: Yes, on Windows 95 and Windows NT
Server size: 649K
Server files: server.exe
Server icon:

Infects: Windows 95/98/ME
Autloads: System.ini: shell=Explorer.exe c:\FC32.exe under [boot]
Default port: 17569 TCP and 24000 TCP
Can port be changed: Yes

Server Features

  • Application manager
  • Chat with server
  • Enable/disable Ctrl-Alt-Del 
  • File manager 
  • Get screen shot 
  • Hide/show icons
  • ICQ notify 
  • Key logger
  • Open URL 
  • Open/close CD-Rom 
  • Play movie file
  • Play sound
  • Remove server 
  • Run file 
  • Send keys
  • Show/hide desktop icons 
  • Shutdown, reboot, log off, or power off Windows 
  • Upload file 
  • View/close running applications 

 
Comments 
The Infector 1.7 is the first trojan we have seen to use Flash. Of course it is using Flash in its client. This version has a new client and a few new features. Like previous versions the server is large because it is released uncompressed. This allows the server to be compressed by a "hacker" and not be detected by trojan scanners. The Infector 1.7 creates a file setup.int. Setup.int is a plaintext (you can view in notepad) file which logs all of the keys you have typed. 

Note: This is a trojan that can be submitted to us for analysis. We can possibly determine for you the password that was used and the ICQ UIN that was being notified. For more information on submitting trojan files to us read here.

How To Remove 
Quick fix: no quick fix programs
Manual removal:

  1. Change the shell=Explorer.exe FC32.exe to shell=Explorer.exe in the system.ini under [boot]. Which can be done with any other text editing program 
  2. Reboot the computer or close FC32.exe.
  3. Delete the trojan files d3x.drv, FC32.exe and setup.int in the windows directory. 

 
Related 
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.