Deep Throat Trojan

  Ollieole 13:51 20 Jul 04
Locked

Over the last few days I have noticed that my Norton Firewall is being set off every other minute reporting a block on the Deep Throat Trojan. Up until now my firewall has reported very little and just wondered why it has been going berserk with this over the last few days?

  poogles_uk 15:05 20 Jul 04

Have you updated it recently? I.e. to block new items?

It probably means you've got that trojan running on your computer.

Have you updated your antivirus recently? If not, do so and then run it.

  SANTOS7 15:34 20 Jul 04

click here just in case

  Fruit Bat /\0/\ 16:38 20 Jul 04

Deep Throat v2 currently affects Windows 95/98 PCs. It's rumored that the author is working on a Windows NT version.

In this version of Deep Throat, the trojan deletes the existing "systray.exe" which is normally 36kb in size with the "server" portion, which is approximately 301kb in size.

TCP port 6670, UDP Port 2140 and UDP port 3150 are used to establish its connection between the "client" and "server".

Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.


How to Remove

Step 1.
Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.

Step 2.
After the computer has restarted, change to the WINDOWS\SYSTEM directory.

Step 3.
Type "DIR systray.exe" (without the quotes) and look at the size of the file. If it's over 300kb, then you've confirmed this is the "server portion" of the trojan.

Step 4.
Type "DEL systray.exe" (without the quotes) to delete it.

Step 5.
Press CTRL-ALT-DEL and allow Windows to restart.

Congratulations, Deep Throat has been removed from your system.

Important Notes:
Because the trojan deletes and replaces Microsoft's SYSTRAY.EXE with the "server" portion, you'll have to either extract the original systray.exe from the CAB files, or copy it from another PC.

  johnsims 16:44 20 Jul 04

If you can get a copy of the Win95 systray.exe you will get rid of that annoying 20 or 30 second wait with an hourglass at the end of the boot up process.
Another example of M$ progress that isn't! If only they'd pay attention to detail!

  CurlyWhirly 16:45 20 Jul 04

FRUITBAT

You say that the author is working on an NT version.
Does this include Windows XP?
Also will my registered version of the a2 (a squared) trojan scanner detect this when it is released?
CW

  Ollieole 18:22 20 Jul 04

Sorry, should have said - I am running XP not 95/98

  Dan the Confused 19:22 20 Jul 04

If you haven't noticed anything wrong with your machine recently then your PC is probably just being scanned and blocked by your firewall.

It would be worth running anti-virus and anti-spyware software as a precaution though.

More info click here
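Added example, not part of any post in this thread: a small triage routine that separates blocked inbound probes on the Deep Throat ports (the case Dan the Confused describes) from the signs of a local install that Fruit Bat lists. The ports and file sizes come from the thread; the log line layout, the `triage` function, and the sample addresses are constructed for illustration and are not Norton's real format.

```python
import re
from collections import Counter

# Ports and sizes are the ones quoted in the thread. The log layout below is
# an assumption made for this example, not a real firewall log format.
TROJAN_PORTS = {("TCP", 6670), ("UDP", 2140), ("UDP", 3150)}
TROJAN_SYSTRAY_KB = 300  # thread: genuine file ~36kb, "server" over 300kb

LINE = re.compile(
    r"^\S+ \S+ (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def triage(log_lines, listening=(), systray_kb=None):
    """Return (verdict, Counter of blocked inbound probes per source)."""
    probes = Counter()
    allowed_in = 0
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m or m["dir"] != "IN":
            continue  # malformed line or outbound traffic
        if (m["proto"], int(m["dport"])) not in TROJAN_PORTS:
            continue  # inbound, but not a Deep Throat port
        if m["action"] == "BLOCK":
            probes[m["src"]] += 1
        else:
            allowed_in += 1  # a probe that reached the host
    # Local evidence: something listening on a trojan port, or an oversized
    # systray.exe (the size check only applies to the 95/98 case in the thread).
    local_server = TROJAN_PORTS & set(listening)
    oversized = systray_kb is not None and systray_kb > TROJAN_SYSTRAY_KB
    if local_server or oversized or allowed_in:
        return "investigate host", probes
    if probes:
        return "inbound scan, blocked", probes
    return "no indicators", probes

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    "2004-07-20 13:49:02 BLOCK IN UDP 203.0.113.7:1044 -> 192.0.2.10:2140",
    "2004-07-20 13:49:03 BLOCK IN UDP 203.0.113.7:1045 -> 192.0.2.10:3150",
    "2004-07-20 13:50:11 BLOCK IN TCP 198.51.100.23:3321 -> 192.0.2.10:6670",
    "2004-07-20 13:50:12 BLOCK IN TCP 198.51.100.23:3322 -> 192.0.2.10:135",
    "2004-07-20 13:50:40 ALLOW OUT TCP 192.0.2.10:1201 -> 198.51.100.80:80",
]

if __name__ == "__main__":
    verdict, sources = triage(SAMPLE_LOG)
    print(verdict, dict(sources))
```

Pass `listening` as the set of `(protocol, port)` pairs the machine itself has open, for example taken from `netstat -an` output.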

  Bugzee 20:42 20 Jul 04

What is systray.exe exactly? I've disabled it in msconfig, and it hasn't made any difference, or is it important for me to enable it back on startup?

  Dan the Confused 20:58 20 Jul 04

Systray.exe is the system tray at the end of the taskbar (with the little icons and the clock). It is important and you should re-enable it. This thread is talking about a trojan that uses its own version of systray.exe for its own purposes.

  Al94 21:22 20 Jul 04

Try A2 free edition click here
Allegedly good for this sort of problem and free!

This thread is now locked and can not be replied to.
