|
| Name: | Deep Throat |
| Aliases: | Win32.DeepThroat, DTV2, DTV3, BackDoor-J.srv, BackDoor-J.cli, Backdoor.DeepThroat, |
| Ports: | 41, 999, 2140 (UDP), 3150 (UDP), 6670, 6771, 60000 |
| Files: | Dtv1.zip - 518,427 bytes Dtv2.zip - 713,805 bytes V2client.zip - 410,145 bytes Dtv2.1.zip - 299,996 bytes V3server.zip - 259,875 bytes V3client.zip - 519,032 bytes V31server.zip - 277,217 bytes V31client.zip - 707,056 bytes V31liteclient.zip - 594,953 bytes Remotecontrol.exe - 271,959 bytes Remotecontrol.exe - 414,644 bytes Remotecontrol.exe - 414,657 bytes Remotecontrol.exe - 505,344 bytes Server.exe - 533,013 bytes Dtv3 client.exe - 483,840 bytes Dtv3.1 client.exe - 622,800 bytes Client.sys - 26,112 bytes Confstub.sys - 26,112 bytes Confstub.dll - 26,112 bytes Confstub2.dll - 27,648 bytes Binder.dll - 26,112 bytes Systempatch.exe - 266,752 bytes Systempatch.exe - 269,971 bytes Systempatch.exe - 284,160 bytes Systempatch.exe - 307,398 bytes Systempatch.exe - 312,180 bytes Systempatch.exe - 491,000 bytes System32.exe - Systray.exe - Deep throat mib.exe - 310,690 bytes Systemio.exe - |
| Created: | Oct 1998 |
| Requires: | N/A |
| Actions: | Remote Access / FTP server / Steals passwords |
| Versions: | 1.0, 2.0, 2.1, 3.0, 3.1 (No longer developed by ^Cold^ ). |
| Registers: | HLM\Software\Microsoft\Windows\CurrentVersion\Run\ (version 2.0 does not register) |
| Notes: | Works on Windows 95, 98 and NT. ˆ Source code is available. There is a Global Master Password backdoor in all the servers: v2.1 - whothefuckdoyouthinkiamgoddamnit1 v3.* - whothefuckdoyouthinkiamgoddamnit3 |
| Country: | N/A |
| Program: | Written in Delphi 4. |
 Using the Process Monitor from AATools, you will see whether any foreign
programs are running on your computer. If you find some unwanted program, you
can terminate it by clicking the 'Terminate Process' button on the Toolbar.
Using the AATools Network Monitor, you can see what ports are in use on
your local PC for connection with remote systems (LAN/Internet). On Windows
NT/2000/XP the Network Monitor will display you the services that are active on
the ports, and map the ports to their respective applications. If you register
port probes directed against ports that are normally not used, it is possible
that someone is trying to connect to a Trojan inside your network. Using the
Registry Cleaner (Startup section) from AATools, you will see
the list of programs that are registered under Run, RunOnce, RunOnceEx and
RunService registry keys. So you can find out what programs are started behind
your back. You should check these programs to see they are legitimate ones but
not Trojans programs.
0-C | D-H | I-N
| O-S | T-Z
If you have any questions or information about ports used by Trojans not
listed above, please contact us. |
