The Matrix (1.03)
Server name: TheMatrix
Version: 1.03
Different versions: NA
Tested: Yes, on Windows 95 and Windows NT
Server size: 248K
Server files: Encrypt.exe
Server icon:

Infects: Windows 95/98/ME
Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: Encrypt
Default port: 1272 TCP
Can port be changed: Yes

Server Features

  • Chat
  • Disable/enable CTRL-ALT-DEL
  • File manager
  • Get passwords
  • Hide/show clock
  • Hide/show start button
  • Key logger (online only)
  • Matrix code on/off
  • Open/close CD-Rom
  • Send to URL
  • System crash
  • View/kill process

 
Comments 
The Matrix 1.03 is a Polish trojan. Because the client is a mix of Polish and English, we could not determine all of the features. The server can have its registry key, file name and port number changed prior to infection. The registry key and file name are always the same, however. Thus, if the file name is iamatrojan.exe then the registry key will be iamatrojan. 

How To Remove 
Quick fix: no quick fix programs
Manual removal:

  1. Remove the Encrypt key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program.
  2. Reboot the computer or close Encrypt.exe.
  3. Delete the trojan file Encrypt.exe in the windows directory. 

 
Related 
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.