Deep Throat v2 currently affects Windows 95/98 PC's. It's rumored that the author is working on a Windows NT version.

In this version of Deep Throat, the trojan deletes the existing "systray.exe" which is normally 36kb in size with the "server" portion, which is approximately 301kb in size.

TCP port 6670, UDP Port 2140 and UDP port 3150 are used to establish its connection between the "client" and "server".

Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.

Who is Responsible?

Deep Throat was written by an individual known as ^Cold^ KiLler, CEO of DarkLIGHT Corp. His reasoning behind creating Deep Throat appears to be the same reasoning as others have offered. It was done for fun...

Taken from it's readme.txt file, below are some of the functions that Deep Throat offers:
- Ejecting And Closing The CD-ROM Drive - Ummmmmmmmm it unscrews the CD-ROM and Ejects it across the room, Honist
- Msg Box - Sends a Msg Box To The Host
- Hide\Show Startbar - Really Funny When Used On PPL Who Know Nothing)
- FTP Server - Starts a FTP Server (On Port 21) Which Allows you too upload/download load files from the host (FTP CLIENT NEEDED)
- Capture Screen - Captures the screen to a Jpeg around 80Kb and sends it to you. When it is fully Downloaded RemoteControl displays the JPG with your computers JPG image viewer probbally Internet Explorer Or Netscape
- Send To URL - Sends Host to A Url Of Your Choice
- Turn Monitor On/Off - This sends the hosts monitor to Powersave mode and it can only be turned back on by you!!
- Steal Passwords - _*This Is not inculeded Yet As I Can't Fiqure Out How The F*** to Do it!!!!*_ Mail Me If You Know How!
- Spawn Prog - (I Sugest using this along with the FTP server) Runs a Program
- Spawn Prog Invis - Spawns a program invisibly
- Reboot - (I inculed this incase it is needed but Please use it wisely Don't be a Lamer!!!!)
- Scanner - This is to scan for Hosts with DT server running
- Ping Host - Sends a packet to see in host is Running the Server
- Host System info

To use the FTP server you will need a FTP Client Like Cute FTP or WS_FTP, This allows you to Upload and download files from the server (Any Client Should Work)

Provided below, is a picture of what the "client" portion of the software looks like. It's what the remote user would use to control your system. What could be easier than "pointing and clicking" your way through another users PC?

How to Remove

Step 1.
Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.

Step 2.
After the computer has restarted, change to the WINDOWS\SYSTEM directory.

Step 3.
Type "DIR systray.exe" (without the quotes) and look at the size of the file. If it's over 300kb, then you've confirmed this is the "server portion" of the trojan.

Step 4.
Type "DEL systray.exe" (without the quotes) to delete it.

Step 5.
Press CTRL-ALT-DEL and allow Windows to restart.

Congratulations Deep Throat has been removed from your system.

Important Notes:
Because the trojan deletes and replaces Microsoft's SYSTRAY.EXE with the "server" portion, you'll have to either extract the original systray.exe from the CAB files, or copy it from another PC.

While Commodon Communications does not participate in or condone the activities of hacking. We recognize the need to educate persons who express an interest so they can better identify the activities associated and to better protect themselves and/or their organization. If you're interested in purchasing software for the purpose of learning the subject of hacking and Internet Security click here to visit our online store.