Executer v1 currently affects Windows 95/98 PC's.
The "server" portion is named "exec.exe". It's approximately 249Kb in size and can usually be found in the either the WINDOWS or WINDOWS\SYSTEM directory.
Port 80 (by default) is used to establish the connection between the "client" and "server".
Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.
Who is Responsible?
Executer v1 was written by an individual named Lavar.
Here are some of the functions that Executer v1 offers:
- Destroy Mouse Double Click
- Change All System Colors To Yellow
- Change All System Colors To Black
- Change All System Colors To Blue
- Change All System Colors To Red
- Hang Up All Connections
- Disable CTRL+ALT+DEL Keys
- Set Cursor Position To 0,0
- Hide Windows TaskBar
- Reboot Computer
- Enable Jumping Mouse
- Enable Mouse Double Click
- Enable CTRL+ALT+DEL Keys
- Show Windows TaskBar
- Disable Jumping Mouse
- Copy EXECUTER To C:\Windows\ Directory
- Add EXECUTER To Windows StartUp
- Show Message-'Hello'
- Show Message-'Hello b---h!!!!!!!!!!!!!!'
- Show Message-'Do u ready to f--k your system??????!!!'
- Show Message-'ShutUp b---h!!!!!!!!!!'
- Show Message-'Get ready to start!!!!!!'
- Show Message-'Thats All b---h!!!!!!!!!'
- Show Message-'Why dont u answer to me??'
- Show Message-'Do u scare?'
- Show Message-'F--k You!'
- Show Message-' '
- Delete C:\Logo.sys
- Delete C:\Windows\Win.com
- Delete C:\IO.sys
- Delete C:\Windows\System.ini
- Delete C:\Windows\Win.ini
- Delete C:\Config.sys
- Delete C:\Autoexec.bat
- Delete C:\Command.com
- Delete Regedit.exe
- Delete Taskman.exe
- Enable Paiting On The Screen('DIE!!! DIE!!! DIE!!!')
- Disable Paiting On The Screen('DIE!!! DIE!!! DIE!!!')
- Enable Creating Of Many Forms With Caption('DIE!!! DIE!!! DIE!!!')
- Disable Creating Of Many Forms With Caption('DIE!!! DIE!!! DIE!!!')
- Enable PC Speaker Beeping
- Disable PC Speaker Beeping
- Show Fake Delete Dialog
Here's a picture of what the "client" portion of the software looks like.
How to Remove Executer v1
The first five steps involve editing the registry and although the steps are relatively easy, I cannot be held responsible if a mistake is made. Please use caution.
Click START | RUN
type REGEDIT and hit ENTER
In the left window, click the "+" (plus sign) to the left of the following:
In the right window, look for a registry key with a Data value that loads the "exec.exe" file. This is the registry key that provides the ability to load the server portion of the trojan whenever the PC is started.
In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
Exit the Registry
Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.
After the computer has restarted, change to the WINDOWS or WINDOWS\SYSTEM directory (e.g. CD WINDOWS or CD WINDOWS\SYSTEM) and delete the "exec.exe" file (e.g. DEL exec.exe).
Press CTRL-ALT-DEL and allow Windows to restart.
Congratulations, Executer v1 has now been removed from your system.
While Commodon Communications does not participate in or condone the activities of hacking. We recognize the need to educate persons who express an interest so they can better identify the activities associated and to better protect themselves and/or their organization. If you're interested in purchasing software for the purpose of learning the subject of hacking and Internet Security click here to visit our online store.