RCT's & RAT's
What are they?
How do I detect them?
How many are there?
What ports do they use?
How do I Remove?
Acid Shivers (modified)
Deep Back Orifice
Deep Throat v2
Hack 'a' Tack
NetBus 2 Pro
Sockets 'de Troie
Girlfriend currently affects Windows 95/98 PC's.
The "server" portion is named "windll.exe" and would be found in the WINDOWS directory.
Port 21554 (by default) is used to establish the connection between the "client" and "server".
Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.
Who is Responsible?
Girlfriend was written by an individual calling himself General Failure for the sole purpose of stealing passwords.
Provided below, is a picture of what the "client" portion of the software looks like. It's what the remote user would use to control your system. What could be easier than "pointing and clicking" your way through another users PC?
For further information, you can visit General Failure's Website
How to Remove
The first five steps involve editing the Windows 95/98 registry. And although the steps are easy, I cannot be held responsible if a mistake is made. Please use caution.
Congratulations, Girlfriend has now been removed from your system.
Copyright Commodon Communications. All rights reserved.