The Invasor 1.0

The Invasor (1.0)
Server name: The Invasor
Version: 1.0
Different versions: None
Tested: Yes, on Windows 95 and Windows NT
Server size: 247K
Server files: runme.exe
Server icon:

Infects: Windows 95/98/ME
Autloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: SystemDLL32
Default port: 2140 UDP, 3150 UDP
Can port be changed: No

Server Features

Delete win.com
File manager
Format computer
Get ICQ password
Get passwords
Get screen shot
Open/Close Cd-Rom
Play sound
Send message
Shutdown computer

Comments
The Invasor is a old trojan. In the version we have, the readme says to run the server on yourself so that The Invasor shall work. So, probably more people have infected themselves other then people infecting others.

How To Remove
Quick fix: no quick fix programs
Manual removal:

Remove the SystemDLL32 key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program. Rember the value of SystemDLL32 so you can actually delete the trojan in step 3.
Reboot the computer or close the trojan file in the SystemDLL32.
Delete the trojan file that is listed in the SystemDLL32 key in the windows directory.

Related
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page

Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved.
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal.
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.