Commodon Communications - Threats to your Security on the Internet

RCT's & RAT's
What are they?
How do I detect them?
How many are there?
What ports do they use?

How do I Remove?
Acid Shivers
Acid Shivers (modified)
Back Orifice
Baron Knight
Big Gluck
Blade Runner
Bugs
Deep Back Orifice
Delta Source
Devil
Doly Trojan
Deep Throat
Deep Throat v2
Executer v1
Executer v2
Girlfriend
Hack 'a' Tack
Master's Paradise
NetBus
NetBus 2 Pro
NetSphere
Sockets 'de Troie
SubSeven (Sub7)
Whack-a-mole (NetBus)
WinCrash

Additional Resources
Latest News
Recommended Books
Recommended Links
Recommended Software

Girlfriend

Girlfriend currently affects Windows 95/98 PC's.

The "server" portion is named "windll.exe" and would be found in the WINDOWS directory.

Port 21554 (by default) is used to establish the connection between the "client" and "server".

Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.

Who is Responsible?

Girlfriend was written by an individual calling himself General Failure for the sole purpose of stealing passwords.

Provided below, is a picture of what the "client" portion of the software looks like. It's what the remote user would use to control your system. What could be easier than "pointing and clicking" your way through another users PC?

BO GUI screenshot

For further information, you can visit General Failure's Website

How to Remove

The first five steps involve editing the Windows 95/98 registry. And although the steps are easy, I cannot be held responsible if a mistake is made. Please use caution.

Step 1.
Click START | RUN
type REGEDIT and hit ENTER

Step 2.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run

Step 3.
In the right window, look for a key that loads a file called "windll.exe".

Step 4.
In the right window, highlight the key that loads the file and hit the DELETE key. Answer YES to delete the entry.

Step 5.
Exit the Registry

Step 6.
Reboot your computer

Step 7.
After the computer has restarted, open Windows Explorer

Step 8.
Go to the WINDOWS directory and look for the "windll.exe" file. Once you've found the file, DELETE it.

Step 9.
Exit Windows Explorer and reboot your computer.

Congratulations, Girlfriend has now been removed from your system.

While Commodon Communications does not participate in or condone the activities of hacking. We recognize the need to educate persons who express an interest so they can better identify the activities associated and to better protect themselves and/or their organization. If you're interested in purchasing software for the purpose of learning the subject of hacking and Internet Security click here to visit our online store.