RCT's & RAT's
What are they?
How do I detect them?
How many are there?
What ports do they use?
How do I Remove?
Acid Shivers (modified)
Deep Back Orifice
Deep Throat v2
Hack 'a' Tack
NetBus 2 Pro
Sockets 'de Troie
WinCrash currently affects Windows 95/98 PC's.
The "server" portion (typically named "server.exe") is approximately 290kb in size and can be found in the WINDOWS\SYSTEM directory.
TCP Port 5742 is used to establish the connection between the "client" and the "server".
Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.
Who is Responsible?
WinCrash was written by two indivudals known as Terminal Crasher and M@niac_Teen.
Provided below, is a picture of what the "client" portion of the software looks like. It's what the remote user would use to control your system. What could be easier than "pointing and clicking" your way through another users PC?
How to Remove
Several steps involve working within the Windows 95/98 registry. And although the steps are easy, I cannot be held responsible if a mistake is made. Please use caution.
Provided below, is an example of what the default registry entry would look like:
Congratulations, WinCrash has now been removed from your system.
Copyright Commodon Communications. All rights reserved.