Doly Trojan

Doly Trojan currently affects Windows 95/98 PCs.

The "server" portion is named "tesk.exe". It's approximately 169Kb in size and can usually be found in either the WINDOWS or WINDOWS\SYSTEM directory.

Ports 1011 and 21 (by default) are used to establish the connection between the "client" and "server".

Once installed, it is rerun every time the computer is started by means of entries under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" and the "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branches in the Registry.

Who is Responsible?

Doly Trojan was written by an individual named the-H-man.

Here are some of the functions that Doly Trojan offers:

- Enable/Disable the double click mouse
- Set system colors
- FBI Screen
- Disconnect from the Internet
- Move mouse to max point
- Turn the computer to sleep mode
- Process list
- Remove windows background
- Show/Hide the Taskbar
- Swap the mouse buttons
- Show/Hide the mouse
- Change the title color to random color
- Change the display resolution to 640x480
- Open FTP server
- Open/Close CD-ROM
- Change the sound volume (max/min)
- Show/Stop error screen
- Close all windows
- Format HDD
- Run program
- Run program in hidden mode
- Send fatal error message
- Set the names for all windows
- Set the computer name
- Go to URL
- Change owner name
- Close server
- Remove server

Here's a picture of what the "client" portion of the software looks like.

Doly Trojan GUI screenshot

How to Remove Doly Trojan

The first eight steps involve editing the registry, and although the steps are relatively easy, I cannot be held responsible if a mistake is made. Please use caution.

Step 1.
Click START | RUN
type REGEDIT and hit ENTER

Step 2.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run

Step 3.
In the right window, look for an entry whose Data column loads the "tesk.exe" file. This is the registry entry that loads the server portion of the trojan whenever the PC is started.

Step 4.
In the right window, highlight the entry that loads the file and press the DELETE key. Answer YES to delete the entry.

Step 5.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Run

Step 6.
In the right window, look for an entry whose Data column loads the "tesk.exe" file. This is the registry entry that loads the server portion of the trojan whenever the PC is started.

Step 7.
In the right window, highlight the entry that loads the file and press the DELETE key. Answer YES to delete the entry.

Step 8.
Exit the Registry Editor.

Step 9.
Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.

Step 10.
After the computer has restarted, change to the WINDOWS or WINDOWS\SYSTEM directory (e.g. CD WINDOWS or CD WINDOWS\SYSTEM) and delete the "tesk.exe" file (e.g. DEL tesk.exe).

Step 11.
Press CTRL-ALT-DEL and allow Windows to restart.

Congratulations, Doly Trojan has now been removed from your system.
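The Run-branch check in Steps 2 to 7 can also be made against a registry export (Registry | Export Registry File in REGEDIT) rather than by eye. The script below is an added example, not part of the original page: it parses a REGEDIT4 export and lists the entries under the two Run branches whose data loads "tesk.exe". The sample export and its value names ("Loader", "Helper") are constructed for illustration.

```python
import re

# The two autostart branches the page names (compared case-insensitively).
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}
# "Name"="Data" line of a REGEDIT4 export; \\ and \" are escapes inside quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# tesk.exe as a whole file name, so "mytesk.exe" or "tesk.exe.bak" do not match.
SERVER_RE = re.compile(r'(?:^|[\\/\s"])tesk\.exe(?=$|[\s",])', re.IGNORECASE)

# Constructed sample export; the value names are invented for illustration.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Loader"="C:\\WINDOWS\\SYSTEM\\tesk.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Backup"="C:\\TOOLS\\mytesk.exe /quiet"
"Helper"="\"C:\\WINDOWS\\TESK.EXE\" -s"
'''


def unescape(text):
    # Undo REGEDIT4 string escaping: a backslash protects the next character.
    return re.sub(r"\\(.)", r"\1", text)


def find_doly_run_entries(export_text):
    """Return (key, value name, data) for Run entries that load tesk.exe."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]              # section header: current registry key
            continue
        match = VALUE_RE.match(line)
        if match and key and key.lower() in RUN_KEYS:
            name, data = unescape(match.group(1)), unescape(match.group(2))
            if SERVER_RE.search(data):
                hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, data in find_doly_run_entries(SAMPLE_EXPORT):
        print(f"{key}: value {name!r} loads {data}")
```

An empty result after the removal steps confirms that neither Run branch still references the server file.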

While Commodon Communications does not participate in or condone the activities of hacking, we recognize the need to educate persons who express an interest so they can better identify the associated activities and better protect themselves and/or their organization. If you're interested in purchasing software for the purpose of learning the subject of hacking and Internet Security, click here to visit our online store.

 
    © Copyright Commodon Communications. All rights reserved.