Commodon Communications - Threats to your Security on the Internet

RCT's & RAT's
What are they?
How do I detect them?
How many are there?
What ports do they use?

How do I Remove?
Acid Shivers
Acid Shivers (modified)
Back Orifice
Baron Knight
Big Gluck
Blade Runner
Bugs
Deep Back Orifice
Delta Source
Devil
Doly Trojan
Deep Throat
Deep Throat v2
Executer v1
Executer v2
Girlfriend
Hack 'a' Tack
Master's Paradise
NetBus
NetBus 2 Pro
NetSphere
Sockets 'de Troie
SubSeven (Sub7)
Whack-a-mole (NetBus)
WinCrash

Additional Resources
Latest News
Recommended Books
Recommended Links
Recommended Software

Whack-a-mole (aka NetBus)

Whack-a-mole is a game making its way around the Internet. When playing, the user attempts to whack moles that continually pop up out of the ground. Sounds like fun, doesn't it? Well, don't get too excited. The true purpose of this game isn't to provide you with entertainment, but to provide entertainment for the hacker who's sifting through the contents of your hard drive.

Whack-a-mole is a modifed version of NetBus. It currently affects Windows 95/98 PC's and Windows NT PC's.

Provided below, is a picture of what the Whack-a-Mole game looks like. If you have this game on your system, I highly suggest that you check your system for the NetBus server portion.

Whack-a-Mole game screenshot

Ports 12361 and 12362 (by default) are used to establish its connection between the "client" and "server".

Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.

How to Remove

Several steps involve working within the Windows 95/98 or Windows NT registry. And although the steps are easy, I cannot be held responsible if a mistake is made. Please use caution.

Step 1.
Click START | RUN
type REGEDIT and hit ENTER

Step 2.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run

Step 3.
In the right window, highlight each of the following and delete it:

"NetBuster"
"SysCopy"

Step 4.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
RunServices

Step 5.
In the right window, highlight each of the following and delete it:

"RunDll"
"RunDll32"

Step 6.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_CLASSES ROOT

Step 7.
Under HKEY_CLASSES ROOT, look for the "\.dl_" key. Delete it.

Step 8.
Reboot your system to MS-DOS mode.

Step 9.
Change to the WINDOWS directory (if using Windows 95/98) or WINNT directory (if using NT).

Step 10.
Delete the following files:

keyhook.dll
keyhook.dl_
nbsetup.reg
nb2setup.reg
ntsetup.reg
nt2setup.reg
rundll.dl_
whack.exe

Step 11.
Reboot your system...

Congratulations, Whack-a-mole has been removed from your system.

While Commodon Communications does not participate in or condone the activities of hacking. We recognize the need to educate persons who express an interest so they can better identify the activities associated and to better protect themselves and/or their organization. If you're interested in purchasing software for the purpose of learning the subject of hacking and Internet Security click here to visit our online store.