Acid Shivers (modified) currently affects Windows 95/98 PC's.

The "server" portion is named "tour98.exe" and it's approximately 72Kb in size. It can usually be found in the either the WINDOWS or WINDOWS\SYSTEM directory.

Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.

Who is Responsible?

Acid Shivers (modified) was written by the LEENTech Corporation.

Here are some of the functions that Acid Shivers (modified) offers:
- Lists most of the commands (description of command)
- Hide a task from control + alt + delete
- Show a hidden task in control + alt + delete
- List Contents of Current Directory
- List Contents of Current Directory
- Change To Specified Directory/Drive
- Clear Screen
- Kill Process by PID (Shown in PS)
- Shows Running Processes
- Deletes Specified Files
- Change Port Acid Shiver Listens on (Until Next Reboot)
- Change to default Windows Desktop folder
- Change to Windows Recent folder
- Change to default WS_FTP folder
- Show Version Number of Acid Shiver
- Show physical, RAM, CD-ROM, and Network drives
- Relay connection to host on port, Control + C to abort
- Sendkeys to active window
- Show ethernet stats and physical address
- Rename the users computer
- Shows DOS Environment variables
- Beeps the specified number of times
- Type 'CDROM' for more informationv - Terminate Acid Shiver
- Rename a specified disk drive
- Type 'Shutdown' for more information
- Retrives information on specified drive
- Disconnect a session by socket index show in 'STATUS'
- Shows users current system date
- Shows some general system information about host and user
- Show the state of all sockets used since last reboot
- Retrieve specified file
- Retrieve specified file in hex form
- Run the specified shell command
- Run the specified command and display results (may lock up)
- Make a new directory
- Remove a directory and all files and subdirectories inside

Here's a picture of what the "client" portion of the software looks like.

How to Remove Acid Shivers (modified)

The first five steps involve editing the registry and although the steps are relatively easy, I cannot be held responsible if a mistake is made. Please use caution.

Step 1.
Click START | RUN
type REGEDIT and hit ENTER

Step 2.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run

Step 3.
In the right window, look for a registry key with a Data value that loads the "tour98.exe" file. This is the registry key that provides the ability to load the server portion of the trojan whenever the PC is started.

Step 4.
In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.

Step 5.
Exit the Registry

Step 6.
Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.

Step 7.
After the computer has restarted, change to the WINDOWS or WINDOWS\SYSTEM directory (e.g. CD WINDOWS or CD WINDOWS\SYSTEM) and delete the "tour98.exe" file (e.g. DEL tour98.exe).

Step 8.
Press CTRL-ALT-DEL and allow Windows to restart.

Congratulations, Acid Shivers (modified) has now been removed from your system.

While Commodon Communications does not participate in or condone the activities of hacking. We recognize the need to educate persons who express an interest so they can better identify the activities associated and to better protect themselves and/or their organization. If you're interested in purchasing software for the purpose of learning the subject of hacking and Internet Security click here to visit our online store.