Last (2000)
Server name: Last
Version: 2000
Different versions: NA
Tested: Yes, on Windows 95 and Windows NT
Server size: 330K
Server files: Runvxd32.exe
Server icon:

Infects: Windows 95/98/ME
Autoloads: Registry and system.ini
Default port: 2000 TCP
Can port be changed: Yes

Server Features

  • Change resolution
  • Download file
  • File search
  • Registry manager
  • Run file
  • Upload file
  • Window manager

 
Comments 
Last 2000 is a chinese trojan. Since it is chinese we know very little about it. The name may not actually be last 2000, but we believe it is. We know there are many more features however we could not translate them. We do know the default password for this trojan is 1234. The trojan stores the password, port and file at: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avi\.

How To Remove 
Quick fix: no quick fix programs
Manual removal:

  1. Open the system.ini(Usually c:\windows\system.ini) and remove the key: shell=Explorer.exe Runvxd32.exe under [boot], to shell=Explorer.exe. This can be done with any text editing program.
  2. Change the default value at HKEY_LOCAL_MACHINE\SOFTWARE\txtfile\shell\open\command to "C:\WINDOWS\NOTEPAD.EXE %1". 
  3. Reboot the computer or close whichever file is running: H_SERVER.exe or Runvxd32.exe.
  4. Delete the trojan file H_SERVER.exe and Runvxd32.exe in the windows system directory. 

 
Related 
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.