Home | About Us | Contact Us | Threats to your Security on the Internet | Products | Support | Online Store

RCT's & RAT's
What are they?
How do I detect them?
How many are there?
What ports do they use?

How do I Remove?
Acid Shivers
Acid Shivers (modified)
Back Orifice
Baron Knight
Big Gluck
Blade Runner
Deep Back Orifice
Delta Source
Doly Trojan
Deep Throat
Deep Throat v2
Executer v1
Executer v2
Hack 'a' Tack
Master's Paradise
NetBus 2 Pro
Sockets 'de Troie
SubSeven (Sub7)
Whack-a-mole (NetBus)

Additional Resources
Latest News
Recommended Books
Recommended Links
Recommended Software

Hack 'a' Tack

Hack 'a' Tack currently affects Windows 95/98 PC's.

The server portion is named "expl32.exe" (236KB 5/16/99 2:49PM) and it will be found in the WINDOWS directory.

TCP ports 31785, 31787 and UDP ports 31789, 31791 (by default) are used to establish the connection between the "client" and "server".

Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.

Who is Responsible?

Hack 'a' Tack was written by two persons calling themselves Da SuckA & The Bart33

Here are some of the functions that Hack 'a' Tack offers:

Here's a picture of what the "client" portion of the software looks like.

Hack 'a' Tack GUI screenshot

How to Remove Hack 'a' Tack

The first five steps involve editing the registry and although the steps are relatively easy, I cannot be held responsible if a mistake is made. Please use caution.

Step 1.
type REGEDIT and hit ENTER

Step 2.
In the left window, click the "+" (plus sign) to the left of the following:

Step 3.
In the right window, look for a registry key with the Name of "Explorer32" and the Data value of "C:\Windows\Expl32.exe". This is the registry key that provides the ability to load the server portion of the trojan whenever the PC is started.

Step 4.
In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.

Step 5.
Exit the Registry

Step 6.
Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.

Step 7.
After the computer has restarted, change to the WINDOWS directory (e.g. CD WINDOWS) and delete the "Expl32.exe" file (e.g. DEL Expl32.exe).

Step 8.
Press CTRL-ALT-DEL and allow Windows to restart.

Congratulations, Hack 'a' Tack has now been removed from your system.

While Commodon Communications does not participate in or condone the activities of hacking. We recognize the need to educate persons who express an interest so they can better identify the activities associated and to better protect themselves and/or their organization. If you're interested in purchasing software for the purpose of learning the subject of hacking and Internet Security click here to visit our online store.

    © Copyright Commodon Communications. All rights reserved.