RCT's & RAT's
What are they?
How do I detect them?
How many are there?
What ports do they use?
How do I Remove?
Acid Shivers (modified)
Deep Back Orifice
Deep Throat v2
Hack 'a' Tack
NetBus 2 Pro
Sockets 'de Troie
Sockets de Troie currently affects Windows 95/98 PC's.
The "server" portion is typically named "mschv32.exe".
Ports 5000 and 5001 (by default) are used to establish the connections between the "client" and "server".
Who is Responsible?
Unknown at this time...
There are two methods (that I know of) that Sockets de Troie can be unknowingly installed.
In the first, when the "server" portion is run, it shows an error dialog stating that SETUP32.DLL is missing. At the same time the "server" portion copies itself to WINDOWS\SYSTEM directory as MSCHV32.EXE and modifies the Windows Registry so it would be executed during every further Windows bootup.
In the second, when the "server" portion is run, it shows an error dialog stating that ISAPI32.DLL is missing. The "server" portion copies itself three times to the WINDOWS\ and WINDOWS\SYSTEM directories under the following names:
The virus also modifies Windows Registry to make these files be executed on every further Windows bootup:
Provided below, is a picture of what the "client" portion of the software looks like. It's what the remote user would use to control your system. What could be easier than "pointing and clicking" your way through another users PC?
How to Remove
Copyright Commodon Communications. All rights reserved.